infected computer ): FRST scan attached


Here's the FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by nate (administrator) on NATHANS on 21-06-2014 09:50:54
Running from C:\Users\nate\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Spotify Ltd) C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\nate\AppData\Roaming\Spotify\spotify.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\nate\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2907448 2012-07-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1659976 2011-06-23] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [Facebook Update] => "C:\Users\nate\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [Google Update] => C:\Users\nate\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-09] (Google Inc.)
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [spotify Web Helper] => C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [968830F47F5DCD5F4AABA40836FED0EF18F9C861._service_run] => C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [spotify] => C:\Users\nate\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-15] (Spotify Ltd)
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\MountPoints2: {c89f4fc6-c387-11e0-81f4-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\nate\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=586383&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {9C0639F2-C2ED-4814-9CB3-C69D0260197C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {BA709092-8FBD-4A89-9097-24CAEFAA681B} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110822153405.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121011162822.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3DC09B79-918A-42B2-B483-BA54A14AF754}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{51FEEEDE-6494-4CCD-B694-EF71E60C070E}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{E48734B3-E360-4981-A7A9-8AEA12DB3038}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default
FF DefaultSearchEngine: search
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: search
FF Homepage: hxxp://search.yahoo.com/?type=586383&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U164HD&PC=U164H&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\nate\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\nate\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\nate\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\nate\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\nate\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\nate\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\nate\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\nate\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default\searchplugins\yahoo_ff.xml
FF Extension: SvcVwr 1.0 Object - C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default\Extensions\{863C56C3-D45C-95C1-DF5F-6944590C9551} [2014-06-12]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-10]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-09-06]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-28]
 
Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (YouTube) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-08]
CHR Extension: (Google Search) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-08]
CHR Extension: (AdBlock) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-08]
CHR Extension: (Google Wallet) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-08]
CHR Extension: (Gmail) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-08]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\nate\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-11-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [501768 2011-06-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-07-12] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-10] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2012-07-05] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-21 09:50 - 2014-06-21 09:51 - 00033266 _____ () C:\Users\nate\Downloads\FRST.txt
2014-06-21 09:50 - 2014-06-21 09:51 - 00000000 ____D () C:\FRST
2014-06-21 09:47 - 2014-06-21 09:47 - 02083328 _____ (Farbar) C:\Users\nate\Downloads\FRST64.exe
2014-06-21 09:34 - 2014-06-21 09:34 - 05209566 _____ (Swearware) C:\Users\nate\Downloads\ComboFix.exe
2014-06-21 09:31 - 2014-06-21 09:31 - 04485528 _____ (AVG Technologies) C:\Users\nate\Downloads\avg_isct_stb_all_2014_4577_cnet.exe
2014-06-21 09:29 - 2014-06-21 09:29 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\nate\Desktop\tdsskiller (1).exe
2014-06-21 09:28 - 2014-06-21 09:28 - 00000632 _____ () C:\Users\nate\Desktop\JRT.txt
2014-06-21 05:52 - 2014-06-21 05:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-20 16:39 - 2014-06-20 16:39 - 03238523 _____ () C:\Users\nate\Downloads\Chinese Training Materials (2).pptx
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-06-19 23:46 - 2014-06-20 03:21 - 00000000 ____D () C:\Windows\pss
2014-06-17 07:31 - 2014-06-21 04:50 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 07:30 - 2014-06-17 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-17 07:30 - 2014-06-17 07:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 07:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-17 06:31 - 2014-06-17 06:32 - 05268992 _____ () C:\Users\nate\Downloads\RogueKillerX64 (1).exe
2014-06-13 21:37 - 2014-06-13 21:37 - 00011657 _____ () C:\Users\nate\Documents\missions team contact.xlsx
2014-06-13 16:54 - 2014-06-17 01:39 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Sauvzyeb
2014-06-11 17:51 - 2014-06-11 17:51 - 03238523 _____ () C:\Users\nate\Downloads\Chinese Training Materials (1).pptx
2014-06-11 17:50 - 2014-06-11 17:50 - 03238523 _____ () C:\Users\nate\Downloads\Chinese Training Materials.pptx
2014-06-11 08:56 - 2014-05-30 03:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 08:56 - 2014-05-30 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 08:56 - 2014-05-30 03:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 08:56 - 2014-05-30 02:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 08:56 - 2014-05-30 02:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 08:56 - 2014-05-30 02:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 08:56 - 2014-05-30 02:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 08:56 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 08:56 - 2014-05-30 02:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 08:56 - 2014-05-30 02:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 08:56 - 2014-05-30 02:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 08:56 - 2014-05-30 02:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 08:56 - 2014-05-30 02:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 08:56 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 08:56 - 2014-05-30 02:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 08:56 - 2014-05-30 02:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 08:56 - 2014-05-30 02:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 08:56 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 08:56 - 2014-05-30 01:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 08:56 - 2014-05-30 01:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 08:56 - 2014-05-30 01:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 08:56 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 08:56 - 2014-05-30 01:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 08:56 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 08:56 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 08:56 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 08:56 - 2014-05-30 01:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 08:56 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 08:56 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 08:56 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 08:56 - 2014-05-30 01:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 08:56 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 08:56 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 08:56 - 2014-05-30 01:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 08:56 - 2014-05-30 01:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 08:56 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 08:56 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 08:56 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 08:56 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 08:56 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 08:56 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 08:56 - 2014-05-30 00:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 08:56 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 08:56 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 08:56 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 08:56 - 2014-05-30 00:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 08:56 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 08:56 - 2014-05-30 00:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 08:56 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 08:56 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 08:56 - 2014-05-30 00:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 08:56 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 08:56 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 08:56 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 08:56 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 08:56 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 08:56 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 08:56 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 08:56 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 08:56 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 08:56 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 08:56 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 08:56 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 08:56 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 08:55 - 2014-06-08 02:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 08:55 - 2014-06-08 02:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-09 10:35 - 2014-06-13 21:42 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Uwnoafxa
2014-06-08 21:12 - 2014-06-21 08:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-08 21:11 - 2014-06-21 05:21 - 00000000 ____D () C:\Users\nate\Desktop\mbar
2014-06-08 21:11 - 2014-06-21 04:48 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-08 21:10 - 2014-06-08 21:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\nate\Downloads\mbar-1.07.0.1012.exe
2014-06-08 21:06 - 2014-06-08 21:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\nate\Downloads\tdsskiller.exe
2014-06-06 09:33 - 2014-06-06 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-06 09:32 - 2014-06-06 09:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-06 09:32 - 2014-06-06 09:33 - 00000000 ____D () C:\Program Files\iTunes
2014-06-06 09:32 - 2014-06-06 09:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-06 09:32 - 2014-06-06 09:32 - 00000000 ____D () C:\Program Files\iPod
2014-06-06 08:22 - 2014-06-06 08:23 - 05245952 _____ () C:\Users\nate\Downloads\RogueKillerX64.exe
2014-06-05 10:27 - 2014-06-08 21:35 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Voywgusi
2014-06-01 01:44 - 2014-06-02 14:12 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Ydabbic
2014-05-31 00:15 - 2014-05-31 00:16 - 01016261 _____ (Thisisu) C:\Users\nate\Downloads\JRT.exe
2014-05-31 00:13 - 2014-05-31 00:13 - 01327971 _____ () C:\Users\nate\Downloads\adwcleaner_3.211.exe
2014-05-31 00:11 - 2014-05-31 00:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-05-30 23:49 - 2014-05-30 23:51 - 10971424 _____ (SurfRight B.V.) C:\Users\nate\Downloads\HitmanPro_x64.exe
2014-05-28 19:42 - 2014-05-28 19:42 - 00022209 _____ () C:\Users\nate\Desktop\RKreport[0]_D_05282014_194223.txt
2014-05-28 19:37 - 2014-05-28 19:37 - 00022061 _____ () C:\Users\nate\Desktop\RKreport[0]_S_05282014_193704.txt
2014-05-28 02:00 - 2014-05-30 17:36 - 00000000 ____D () C:\Users\nate\AppData\Local\Adobe
2014-05-27 09:23 - 2014-05-30 16:56 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Omhoydfu
2014-05-27 09:19 - 2014-05-27 09:19 - 00000000 ____D () C:\Users\nate\AppData\Local\Skype
2014-05-27 09:18 - 2014-05-27 09:18 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-27 09:18 - 2014-05-27 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-26 19:43 - 2014-05-26 19:43 - 00001997 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-05-26 19:36 - 2014-05-26 19:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-26 19:36 - 2014-05-26 19:36 - 00001990 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-26 03:02 - 2014-05-26 03:02 - 01071792 _____ (Solid State Networks) C:\Users\nate\Downloads\Unconfirmed 713332.crdownload
2014-05-24 17:13 - 2014-06-14 15:43 - 00001723 _____ () C:\Users\nate\Desktop\Computer.lnk
2014-05-24 17:13 - 2014-06-14 15:43 - 00000288 _____ () C:\Users\nate\AppData\Roaming\537DD183.reg
2014-05-22 12:37 - 2014-05-22 12:40 - 00002430 _____ () C:\Users\nate\Desktop\Rkill.txt
2014-05-22 12:36 - 2014-05-22 12:36 - 00002884 _____ () C:\Users\nate\Desktop\RKreport[0]_D_05222014_123641.txt
2014-05-22 12:36 - 2014-05-22 12:36 - 00002849 _____ () C:\Users\nate\Desktop\RKreport[0]_S_05222014_123607.txt
 
==================== One Month Modified Files and Folders =======
 
2014-06-21 09:51 - 2014-06-21 09:50 - 00033266 _____ () C:\Users\nate\Downloads\FRST.txt
2014-06-21 09:51 - 2014-06-21 09:50 - 00000000 ____D () C:\FRST
2014-06-21 09:49 - 2011-08-10 12:39 - 01621778 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 09:47 - 2014-06-21 09:47 - 02083328 _____ (Farbar) C:\Users\nate\Downloads\FRST64.exe
2014-06-21 09:46 - 2014-01-27 18:11 - 00000000 ____D () C:\Users\nate\AppData\Roaming\BitTorrent
2014-06-21 09:42 - 2011-10-05 18:34 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Spotify
2014-06-21 09:36 - 2012-09-24 22:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 09:34 - 2014-06-21 09:34 - 05209566 _____ (Swearware) C:\Users\nate\Downloads\ComboFix.exe
2014-06-21 09:31 - 2014-06-21 09:31 - 04485528 _____ (AVG Technologies) C:\Users\nate\Downloads\avg_isct_stb_all_2014_4577_cnet.exe
2014-06-21 09:29 - 2014-06-21 09:29 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\nate\Desktop\tdsskiller (1).exe
2014-06-21 09:28 - 2014-06-21 09:28 - 00000632 _____ () C:\Users\nate\Desktop\JRT.txt
2014-06-21 09:12 - 2014-05-08 12:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-21 08:54 - 2012-01-09 22:42 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000UA.job
2014-06-21 08:53 - 2014-05-15 10:18 - 00000000 ____D () C:\Users\nate\AppData\Roaming\DropboxMaster
2014-06-21 08:53 - 2013-05-18 12:14 - 00000000 ____D () C:\Users\nate\AppData\Local\Spotify
2014-06-21 08:53 - 2012-10-15 12:16 - 00000000 ___RD () C:\Users\nate\Dropbox
2014-06-21 08:53 - 2012-10-15 12:13 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Dropbox
2014-06-21 08:51 - 2014-06-08 21:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-21 08:51 - 2012-09-24 22:38 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 07:06 - 2011-08-23 00:26 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000UA.job
2014-06-21 05:57 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-21 05:57 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 05:52 - 2014-06-21 05:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-21 05:50 - 2011-08-17 01:15 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-06-21 05:50 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-21 05:50 - 2009-07-13 21:51 - 00074486 _____ () C:\Windows\setupact.log
2014-06-21 05:49 - 2011-08-17 01:18 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Adobe
2014-06-21 05:49 - 2010-11-21 00:16 - 00000000 ____D () C:\Windows\ShellNew
2014-06-21 05:49 - 2010-11-20 20:47 - 00301314 _____ () C:\Windows\PFRO.log
2014-06-21 05:21 - 2014-06-08 21:11 - 00000000 ____D () C:\Users\nate\Desktop\mbar
2014-06-21 04:50 - 2014-06-17 07:31 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 04:48 - 2014-06-08 21:11 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-20 23:26 - 2011-08-17 01:15 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-06-20 23:26 - 2011-08-10 12:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-06-20 22:45 - 2014-03-28 12:29 - 00000000 ____D () C:\Users\nate\AppData\Local\Iqczsoft
2014-06-20 22:42 - 2012-01-09 22:42 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000Core.job
2014-06-20 22:42 - 2011-08-23 00:25 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000Core.job
2014-06-20 16:39 - 2014-06-20 16:39 - 03238523 _____ () C:\Users\nate\Downloads\Chinese Training Materials (2).pptx
2014-06-20 16:04 - 2011-11-11 20:12 - 00000000 ____D () C:\Users\nate\AppData\Local\PMB Files
2014-06-20 16:04 - 2011-11-11 20:12 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-20 16:00 - 2011-08-17 01:15 - 00003488 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-06-20 03:21 - 2014-06-19 23:46 - 00000000 ____D () C:\Windows\pss
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-06-19 23:35 - 2014-03-26 11:34 - 00000000 ____D () C:\Users\nate\Documents\Taiwan Missions
2014-06-19 00:21 - 2014-04-14 17:27 - 00000000 ____D () C:\Users\nate\AppData\Local\CrashDumps
2014-06-18 22:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system
2014-06-18 12:40 - 2014-04-12 09:48 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-06-18 12:31 - 2012-09-24 22:38 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 12:31 - 2012-09-24 22:38 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 23:16 - 2012-09-24 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-17 07:30 - 2014-06-17 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-17 07:30 - 2014-06-17 07:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 07:30 - 2014-03-18 22:09 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Malwarebytes
2014-06-17 07:30 - 2014-03-18 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 07:30 - 2014-03-18 22:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-17 06:32 - 2014-06-17 06:31 - 05268992 _____ () C:\Users\nate\Downloads\RogueKillerX64 (1).exe
2014-06-17 01:39 - 2014-06-13 16:54 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Sauvzyeb
2014-06-17 01:39 - 2011-08-28 22:32 - 00000000 ____D () C:\Windows\hpoj4500g510g-m
2014-06-16 21:49 - 2012-01-09 22:42 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000UA
2014-06-16 21:49 - 2012-01-09 22:42 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000Core
2014-06-14 15:43 - 2014-05-24 17:13 - 00001723 _____ () C:\Users\nate\Desktop\Computer.lnk
2014-06-14 15:43 - 2014-05-24 17:13 - 00000288 _____ () C:\Users\nate\AppData\Roaming\537DD183.reg
2014-06-14 01:41 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-06-13 22:18 - 2012-01-09 22:44 - 00002374 _____ () C:\Users\nate\Desktop\Google Chrome.lnk
2014-06-13 21:48 - 2013-07-18 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 21:42 - 2014-06-09 10:35 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Uwnoafxa
2014-06-13 21:37 - 2014-06-13 21:37 - 00011657 _____ () C:\Users\nate\Documents\missions team contact.xlsx
2014-06-12 03:08 - 2011-08-27 10:49 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:06 - 2012-01-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 03:04 - 2014-05-09 03:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 17:51 - 2014-06-11 17:51 - 03238523 _____ () C:\Users\nate\Downloads\Chinese Training Materials (1).pptx
2014-06-11 17:50 - 2014-06-11 17:50 - 03238523 _____ () C:\Users\nate\Downloads\Chinese Training Materials.pptx
2014-06-08 21:35 - 2014-06-05 10:27 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Voywgusi
2014-06-08 21:11 - 2014-06-08 21:10 - 14349744 _____ (Malwarebytes Corp.) C:\Users\nate\Downloads\mbar-1.07.0.1012.exe
2014-06-08 21:06 - 2014-06-08 21:06 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\nate\Downloads\tdsskiller.exe
2014-06-08 02:13 - 2014-06-11 08:55 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 02:08 - 2014-06-11 08:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 22:21 - 2012-10-10 07:04 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Mozilla
2014-06-06 09:33 - 2014-06-06 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-06 09:33 - 2014-06-06 09:32 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-06 09:33 - 2014-06-06 09:32 - 00000000 ____D () C:\Program Files\iTunes
2014-06-06 09:33 - 2014-06-06 09:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-06 09:32 - 2014-06-06 09:32 - 00000000 ____D () C:\Program Files\iPod
2014-06-06 08:23 - 2014-06-06 08:22 - 05245952 _____ () C:\Users\nate\Downloads\RogueKillerX64.exe
2014-06-02 19:22 - 2014-03-18 20:51 - 00000000 ____D () C:\AdwCleaner
2014-06-02 14:12 - 2014-06-01 01:44 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Ydabbic
2014-06-01 00:58 - 2011-08-20 00:38 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Skype
2014-05-31 00:16 - 2014-05-31 00:15 - 01016261 _____ (Thisisu) C:\Users\nate\Downloads\JRT.exe
2014-05-31 00:13 - 2014-05-31 00:13 - 01327971 _____ () C:\Users\nate\Downloads\adwcleaner_3.211.exe
2014-05-31 00:11 - 2014-05-31 00:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-05-30 23:51 - 2014-05-30 23:49 - 10971424 _____ (SurfRight B.V.) C:\Users\nate\Downloads\HitmanPro_x64.exe
2014-05-30 17:36 - 2014-05-28 02:00 - 00000000 ____D () C:\Users\nate\AppData\Local\Adobe
2014-05-30 17:06 - 2012-10-15 12:16 - 00001025 _____ () C:\Users\nate\Desktop\Dropbox.lnk
2014-05-30 17:06 - 2012-10-15 12:15 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-30 17:00 - 2011-08-17 01:15 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-05-30 16:56 - 2014-05-27 09:23 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Omhoydfu
2014-05-30 15:44 - 2013-02-07 09:42 - 00000000 ____D () C:\Users\nate\Documents\Church
2014-05-30 03:21 - 2014-06-11 08:56 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 03:02 - 2014-06-11 08:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 03:02 - 2014-06-11 08:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 02:45 - 2014-06-11 08:56 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 02:39 - 2014-06-11 08:56 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 02:39 - 2014-06-11 08:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 02:38 - 2014-06-11 08:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 02:28 - 2014-06-11 08:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 02:27 - 2014-06-11 08:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 02:24 - 2014-06-11 08:56 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 02:21 - 2014-06-11 08:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 02:21 - 2014-06-11 08:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 02:20 - 2014-06-11 08:56 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 02:18 - 2014-06-11 08:56 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 02:11 - 2014-06-11 08:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 02:08 - 2014-06-11 08:56 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 02:06 - 2014-06-11 08:56 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 02:02 - 2014-06-11 08:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 01:55 - 2014-06-11 08:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 01:49 - 2014-06-11 08:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 01:46 - 2014-06-11 08:56 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 01:44 - 2014-06-11 08:56 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 01:44 - 2014-06-11 08:56 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 01:43 - 2014-06-11 08:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 01:42 - 2014-06-11 08:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 01:38 - 2014-06-11 08:56 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 01:35 - 2014-06-11 08:56 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 01:34 - 2014-06-11 08:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 01:33 - 2014-06-11 08:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 01:30 - 2014-06-11 08:56 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 01:29 - 2014-06-11 08:56 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 01:28 - 2014-06-11 08:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 01:27 - 2014-06-11 08:56 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 01:24 - 2014-06-11 08:56 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 01:23 - 2014-06-11 08:56 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 01:16 - 2014-06-11 08:56 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 01:10 - 2014-06-11 08:56 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 01:06 - 2014-06-11 08:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 01:04 - 2014-06-11 08:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 01:02 - 2014-06-11 08:56 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 00:56 - 2014-06-11 08:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 00:56 - 2014-06-11 08:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 00:54 - 2014-06-11 08:56 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 00:50 - 2014-06-11 08:56 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 00:49 - 2014-06-11 08:56 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 00:43 - 2014-06-11 08:56 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 00:40 - 2014-06-11 08:56 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 00:30 - 2014-06-11 08:56 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 00:21 - 2014-06-11 08:56 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 00:15 - 2014-06-11 08:56 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 00:13 - 2014-06-11 08:56 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 00:13 - 2014-06-11 08:56 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 17:20 - 2011-08-17 01:15 - 00004228 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-05-28 19:42 - 2014-05-28 19:42 - 00022209 _____ () C:\Users\nate\Desktop\RKreport[0]_D_05282014_194223.txt
2014-05-28 19:42 - 2014-05-07 16:05 - 00000000 ____D () C:\Users\nate\Desktop\RK_Quarantine
2014-05-28 19:37 - 2014-05-28 19:37 - 00022061 _____ () C:\Users\nate\Desktop\RKreport[0]_S_05282014_193704.txt
2014-05-27 14:13 - 2014-05-08 12:55 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-27 14:13 - 2014-05-08 12:55 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-27 14:13 - 2014-05-08 12:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-27 09:19 - 2014-05-27 09:19 - 00000000 ____D () C:\Users\nate\AppData\Local\Skype
2014-05-27 09:18 - 2014-05-27 09:18 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-27 09:18 - 2014-05-27 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-27 09:18 - 2011-08-20 00:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-27 09:18 - 2011-08-20 00:38 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 19:43 - 2014-05-26 19:43 - 00001997 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-05-26 19:43 - 2011-09-06 14:36 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-05-26 19:43 - 2011-09-06 14:36 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-05-26 19:43 - 2011-09-06 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-05-26 19:36 - 2014-05-26 19:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-26 19:36 - 2014-05-26 19:36 - 00001990 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-26 19:36 - 2011-08-10 12:51 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-26 19:36 - 2011-08-10 12:51 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-26 03:02 - 2014-05-26 03:02 - 01071792 _____ (Solid State Networks) C:\Users\nate\Downloads\Unconfirmed 713332.crdownload
2014-05-23 12:13 - 2014-03-10 15:30 - 00000000 ____D () C:\Users\nate\AppData\Local\Windows Live
2014-05-22 22:20 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-22 22:13 - 2014-05-15 11:35 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Tireawv
2014-05-22 12:40 - 2014-05-22 12:37 - 00002430 _____ () C:\Users\nate\Desktop\Rkill.txt
2014-05-22 12:36 - 2014-05-22 12:36 - 00002884 _____ () C:\Users\nate\Desktop\RKreport[0]_D_05222014_123641.txt
2014-05-22 12:36 - 2014-05-22 12:36 - 00002849 _____ () C:\Users\nate\Desktop\RKreport[0]_S_05222014_123607.txt
 
Some content of TEMP:
====================
C:\Users\nate\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjhnmr6.dll
C:\Users\nate\AppData\Local\Temp\ntdll_dump.dll
C:\Users\nate\AppData\Local\Temp\SE8295.tmp.dll
C:\Users\nate\AppData\Local\Temp\SE97B6.tmp.dll
C:\Users\nate\AppData\Local\Temp\SECAB6.tmp.dll
C:\Users\nate\AppData\Local\Temp\SEDED3.tmp.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-20 03:52
 
==================== End Of Log ============================
 
The post was too long, so addition.txt is in the next post.
 
Finally, I've tried several virus cleaners/malware cleaners, including Malwarebytes. Most of the time, it would help a little and fix the issue for a short amount of time, but it keeps coming back.
 
Thanks in advance for any help (:

 


And here's the addition.txt scan

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01

Ran by nate at 2014-06-21 09:51:56

Running from C:\Users\nate\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

 

==================== Installed Programs ======================

 

4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden

4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden

4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.5.0.600 - Adobe Systems Incorporated) Hidden

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden

Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)

Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden

Adobe Creative Suite 5.5 Design Premium (HKLM-x32\...\{60E59A6C-7399-495A-B85C-C829F4E59602}) (Version: 5.5 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)

Adobe Download Assistant (x32 Version: 1.0.3 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)

Adobe Widget Browser (x32 Version: 2.0.230 - Adobe Systems Incorporated.) Hidden

Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden

Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.2.0.1 - )

Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.3.0.11 - )

Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.2.0.11 - )

Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.3.0.19 - )

Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.4.0.7 - )

Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.6.0.9 - )

Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.4.18 - )

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.18.42 - )

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.7.0.74 - )

Causality Lab 4.3 (HKCU\...\Causality Lab 4.3) (Version:  - LSEC, Philosophy Dept, Carnegie Mellon)

CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)

Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)

Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden

Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)

Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.890 - Corel Inc.)

Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)

Cyberduck 13577 (4.4) (HKLM-x32\...\Cyberduck) (Version: 13577 (4.4) - )

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden

Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden

DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden

DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)

Equalify v2.2.1 (Stable) (HKLM-x32\...\{FF890228-5396-4BB0-B500-6E2843D7DD63}) (Version: 2.2.1.0 - Equalify)

Facebook Video Calling 1.2.0.159 (HKLM-x32\...\{7CAC6A44-C3DE-4153-ACA6-7524602C789E}) (Version: 1.2.159 - Skype Limited)

Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden

GameFly (HKLM-x32\...\GameFly) (Version: 1.2.106 - GameFly, Inc.)

GameFly (x32 Version: 1.2.106 - GameFly, Inc.) Hidden

Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)

Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)

Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)

HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)

HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)

HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)

HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)

HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)

HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)

Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)

iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)

Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )

Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.2 - Lenovo Inc.)

Lenovo SimpleTap (HKLM\...\{CFD2C9F6-AE2F-4422-A7E9-182B47F1E72E}) (Version: 1.3.0005.00 - Lenovo Group Limited)

Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )

Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)

Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)

Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)

Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 11.0.572 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)

Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)

Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden

Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden

NoteWorthy Composer (HKLM-x32\...\NoteWorthy Composer) (Version:  - )

NoteWorthy Composer 2 (HKLM-x32\...\NoteWorthy Composer 2) (Version: Demo Version 2.0 - Noteworthy Software, Inc.)

OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)

On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.22.00 - )

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)

Python 2.5.4 (HKLM-x32\...\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}) (Version: 2.5.4150 - Python Software Foundation)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

RapidBoot (HKLM-x32\...\InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}) (Version: 1.00 - Lenovo)

RapidBoot (x32 Version: 1.00 - Lenovo) Hidden

Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )

RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)

Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Secure Download Manager (HKLM-x32\...\{C28422FB-F2CD-427A-ADED-9F281745CDB2}) (Version: 3.0.3 - e-academy Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)

Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Starcraft (HKLM-x32\...\Starcraft) (Version:  - )

StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.7.25293 - Blizzard Entertainment)

Stata 12 (HKLM-x32\...\{5006A0E8-B9B0-48DF-981A-41D005B3E937}) (Version: 12.0 - StataCorp LP)

Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0042 - Lenovo)

ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.22 - )

ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.61.00.11 - )

ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.48 - )

ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.5.0 - )

ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)

ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.5 - REALTEK Semiconductor Corp.)

ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.73 - Lenovo)

ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.01 - Lenovo)

ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)

Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden

Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.2.141 - VeriSign)

WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)

Windows Driver Package - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)

Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)

Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)

Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)

Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)

Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)

Windows Driver Package - Ricoh Company SD Host Controller (03/23/2011 6.10.10.30) (HKLM\...\4534F449D55EE49DEE206B3D9A3B1811E1A495EA) (Version: 03/23/2011 6.10.10.30 - Ricoh Company)

Windows Driver Package - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

 

==================== Restore Points  =========================

 

17-06-2014 08:34:07 Malwarebytes Anti-Rootkit Restore Point

21-06-2014 12:20:29 Malwarebytes Anti-Rootkit Restore Point

 

==================== Hosts content: ==========================

 

2009-07-13 19:34 - 2014-06-18 12:40 - 00001691 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

173.212.223.247 www.google-analytics.com.

173.212.223.247 google-analytics.com.

173.212.223.247 connect.facebook.net.

173.212.223.247 bing.com.

173.212.223.247 www.bing.com.

173.212.223.247 gb.bing.com.

173.212.223.247 au.bing.com.

173.212.223.247 ca.bing.com.

94.242.222.115 www.google-analytics.com.

94.242.222.115 google-analytics.com.

94.242.222.115 connect.facebook.net.

94.242.222.115 bing.com.

94.242.222.115 www.bing.com.

94.242.222.115 gb.bing.com.

94.242.222.115 au.bing.com.

94.242.222.115 ca.bing.com.

 

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {02EB5921-AE84-49B2-A1A0-5C2FA2116FAC} - System32\Tasks\{255EC46E-C784-4F75-9E1C-8D71F2B73AD2} => Chrome.exe http://ui.skype.com/ui/0/5.0.0.152.375/en/go/help.faq.installer?LastError=1603

Task: {06AF49E5-B89B-434D-8564-E1BAA7037751} - \Express FilesUpdate No Task File <==== ATTENTION

Task: {11682873-4309-44CA-9C33-6FDDCE27E554} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()

Task: {22387049-B50C-49AD-AAE1-E3CBB4821D5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)

Task: {33C358FD-E07C-4184-A47E-5AB367D270EE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000Core => C:\Users\nate\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: {3CCDD310-FCC6-453B-AF52-CAF52ED3C60E} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()

Task: {5272CEBC-8E8C-4139-ADF5-9E81DE648454} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)

Task: {5EF996A6-52D5-4A00-A013-CDB69EAD49E3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000Core => C:\Users\nate\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09] (Google Inc.)

Task: {693D5AC6-A509-49B0-A204-BAF5D5102815} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: {720D3AC0-8456-4BC6-8911-432BB18BFB2E} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)

Task: {7A9E24CF-01CD-4501-B1FC-CE68FE1B84CC} - System32\Tasks\AdobeAAMUpdater-1.0-Nathans-nate => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)

Task: {92D36BBD-0D97-46FB-8722-19288C2AC15F} - System32\Tasks\Lenovo\SimpleTap Watermark Launcher => C:\Program Files\lenovo\simpletap\simpletap.exe [2011-02-08] (Lenovo)

Task: {A3B600E7-572D-4404-A9A3-3BF7C06A562C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)

Task: {A93EE7BE-35C7-4C89-95A1-2BB392F6E758} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)

Task: {B8D18F58-93C2-49FB-BBB1-FA318FA1BC08} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-03-23] (Lenovo Group Limited)

Task: {C4D8EADC-D433-4207-9FAF-96CE7C25CA2B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000UA => C:\Users\nate\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: {EF31D78A-C291-4B6D-828F-DA9CA05EF32B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-27] (Adobe Systems Incorporated)

Task: {FA59E9AB-BFFF-4F82-AE03-C093ACF659F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000UA => C:\Users\nate\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-09] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000Core.job => C:\Users\nate\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000UA.job => C:\Users\nate\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000Core.job => C:\Users\nate\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000UA.job => C:\Users\nate\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe

Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

 

==================== Loaded Modules (whitelisted) =============

 

2008-09-08 11:19 - 2008-09-08 11:19 - 00022016 _____ () C:\Windows\System32\cl31cl6.dll

2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\Windows\System32\sugo3l6.dll

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2011-08-10 12:42 - 2010-10-25 21:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

2011-08-10 12:46 - 2011-03-10 20:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-02-08 17:36 - 2011-02-08 17:36 - 01530168 _____ () C:\Program Files\lenovo\simpletap\SimpleTapResources.dll

2011-02-08 17:36 - 2011-02-08 17:36 - 00027448 _____ () C:\Program Files\lenovo\simpletap\Add-ons\Lenovo\Audio\CoreAudioApi.dll

2011-02-08 17:36 - 2011-02-08 17:36 - 00014136 _____ () C:\Program Files\lenovo\simpletap\Add-ons\Lenovo\Brightness\DisplayBrightnessApi.dll

2011-02-08 17:36 - 2011-02-08 17:36 - 00014648 _____ () C:\Program Files\lenovo\simpletap\Add-ons\Lenovo\ScreenLock\TouchScreenApi.dll

2013-09-24 09:52 - 2014-05-15 11:23 - 00598072 _____ () C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

2009-05-27 22:09 - 2009-05-27 22:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe

2014-03-17 18:09 - 2014-03-17 18:09 - 02967040 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll

2011-08-10 12:48 - 2011-03-23 11:48 - 00044544 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL

2014-04-14 10:43 - 2014-04-14 10:43 - 02278912 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll

2012-05-20 20:41 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-08-10 12:49 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll

2011-08-10 12:49 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll

2013-05-18 12:14 - 2014-05-15 11:23 - 36966968 _____ () C:\Users\nate\AppData\Roaming\Spotify\Data\libcef.dll

2014-06-21 08:53 - 2014-06-21 08:53 - 00043008 _____ () c:\users\nate\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjhnmr6.dll

2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\nate\AppData\Roaming\Dropbox\bin\libcef.dll

2014-05-08 11:05 - 2014-05-08 11:05 - 00202152 _____ () C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll

2014-05-08 11:05 - 2014-05-08 11:05 - 00018856 _____ () C:\Program Files (x86)\Java\jre7\bin\jp2native.dll

2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-06-13 22:18 - 2014-06-05 06:58 - 04217672 _____ () C:\Users\nate\AppData\Local\Google\Chrome\Application\35.0.1916.153\pdf.dll

2014-06-13 22:18 - 2014-06-05 06:58 - 00414536 _____ () C:\Users\nate\AppData\Local\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll

2014-06-13 22:18 - 2014-06-05 06:58 - 01732424 _____ () C:\Users\nate\AppData\Local\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

2014-05-05 20:36 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\nate\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll

2014-05-05 20:36 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\nate\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

2014-06-13 22:18 - 2014-06-05 06:58 - 14612296 _____ () C:\Users\nate\AppData\Local\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

 

==================== Faulty Device Manager Devices =============

 

Name: Deskjet 3050 J610 series

Description: Deskjet 3050 J610 series

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Officejet Pro 8500 A909n

Description: Officejet Pro 8500 A909n

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

 

System errors:

=============

 

Microsoft Office Sessions:

=========================

 

==================== Memory info =========================== 

 

Percentage of memory in use: 68%

Total physical RAM: 3983.23 MB

Available physical RAM: 1250.21 MB

Total Pagefile: 7964.65 MB

Available Pagefile: 4078.8 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: (Windows7_OS) (Fixed) (Total:281.29 GB) (Free:49.48 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:7.51 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: FED75091)

Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


  • 4 weeks later...
  • Root Admin

Hello and welcome

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Hey Advanced setup,

 

Thanks so much for doing this. Just letting you know that I ran a few scans yesterday in order to keep my computer from crashing on me (as it has)... so these scans might not show very much...

 

Also, I copied and pasted all the scan logs into one txt file. Let me know if it's easier for you if they're in separate replies.

 

Thanks again!

 

ROOTKILL: ____________________________________________________________________________________________________________
 
Rkill 2.6.7 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/15/2014 09:40:10 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
  188.40.62.183 www.google-analytics.com.
  188.40.62.183 google-analytics.com.
  188.40.62.183 connect.facebook.net.
  94.242.222.115 www.google-analytics.com.
  94.242.222.115 google-analytics.com.
  94.242.222.115 connect.facebook.net.
 
Program finished at: 07/15/2014 09:43:48 PM
Execution time: 0 hours(s), 3 minute(s), and 38 seconds(s)
 
 
 
ERUNT:____________________________________________________________________________________________________________
 
ERUNT - The Emergency Recovery Utility NT
=========================================
 
Registry Backup and Restore for Windows NT/2000/2003/XP
 
v1.1j, 10/20/2005, Freeware
Written by Lars Hederer
e-mail: lars.hederer@t-online.de
 
Look for the latest version here:
 
To find out what's new in this version, please see the "Version
history" section later in this file.
 
 
 
Introduction
------------
 
With the invention of Windows 95 Microsoft made the wise decision to
organize all computer- and application-specific data which was spread
over countless INI files before in a centralized Windows database,
called the system "registry". The registry is one of the most
important parts in every Windows system today, without which the OS
would not even boot. And since the registry is quite sensitive to
corruption, it is very advisable to backup its according files from
time to time.
 
In MS-DOS based Windows versions (95, 98, Me) the registry consists of
the files SYSTEM.DAT and USER.DAT (and CLASSES.DAT in Windows Me). To
backup these files, one can easily go to the Windows folder in
Explorer and copy the files to a safe location, for example another
folder on the hard disk. Microsoft even supplies a utility called ERU
which can be used to backup these and a few other critical system
files to a safe location.
 
Also, Windows 9x/Me automatically create backups of the registry at
startup, with Windows 95 always backing up the registry from the
previous Windows session, and Windows 98/Me maintaining up to five
registry copies from the last five days where Windows was running.
 
Unfortunately, this is not the case with Windows versions based on the
NT kernel. In Windows NT and 2000, the registry is never backed up
automatically, and in XP it is backed up only as part of the bloated
and resource hogging System Restore program which cannot even be used
for a "restore" should a corrupted registry prevent Windows from
booting. It has also become impossible to copy the necessary files,
now called "hives" and usually named DEFAULT, SAM, SECURITY, SOFTWARE,
SYSTEM in the SYSTEM32\CONFIG folder, to another location because they
are all in use by the OS. And though the registry in an NT-based
Windows is less likely to become corrupted than in other versions, it
can still happen, and for these cases NT is simply missing an option
for easy registry backup and restore as there is in Windows 9x/Me, to
get the system up and running again in no time.
 
In 2001, as Windows XP began to come pre-installed on many new home
user PCs and was likely to become the new Windows standard over the
next years, I decided to write a program which offers the ease-of-use
of Windows 9x/Me ERU by Microsoft (hence the name ERUNT) to backup the
registry, as well as providing an auto-backup capability, for example
at Windows startup.
 
Or, before installing a new program for testing purposes one could
save the registry with ERUNT, install and test the program, uninstall
it and restore the registry to be 100% sure that no debris is left.
 
Note: The "Export registry" function in Regedit is USELESS (!) for
making a complete backup of the registry. Neither does it export the
whole registry (for example, no information from the "SECURITY" hive
is saved), nor can the exported file be used later to replace the
current registry with the old one. Instead, if you re-import the file,
it is merged with the current registry without deleting anything that
has been added since the export, leaving you with an absolute mess of
old and new entries.
 
 
 
Features
--------
 
- Backup the Windows NT/2000/2003/XP registry to a folder of your
  choice
 
- System and current user registries selectable
 
- Command line switches for automated registry backup and restoration
 
- Restore the registry in Windows 9x/Me/NT/2000/2003/XP and MS-DOS
  (all-in-one restore program) or the Windows Recovery Console
 
- Included in this package:
  NTREGOPT program for optimizing the registry
 
- All programs in this package are completely localizable
  (translate them into your language), German version included
 
 
 
Supported operating systems
---------------------------
 
- Windows NT 3.51
- Windows NT 4.0
- Windows 2000
- Windows 2003
- Windows XP
- most likely, all future Windows versions based on the NT kernel
 
Additionally supported by the ERDNT restore program:
- MS-DOS
- Windows 95
- Windows 98
- Windows Me
 
 
 
Installation
------------
 
Use the Setup program to install ERUNT on your computer.
 
Or, if you downloaded the zipped version: Unzip all files into a
folder of your choice, and if you want, create shortcuts on your
desktop to the ERUNT.EXE and NTREGOPT.EXE files.
 
 
 
Uninstallation
--------------
 
Use "Add/Remove Programs" in Windows' control panel to remove ERUNT
from your computer.
 
Or, if you downloaded the zipped version: Delete the ERUNT folder,
delete the appropriate desktop icons.
 
(You may also want to delete all restore folders you have previously
created with the program.)
 
 
 
Backing up the registry with ERUNT
----------------------------------
 
Note: To ensure proper operation of ERUNT, you should be logged in as
a system administrator.
 
Start ERUNT, confirm the Welcome message.
 
Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.
 
Note that in the folder edit field, ERUNT by default appends a folder
named the current date to the restore folder, which allows you to keep
as many registry backups as you wish in the same restore folder,
separated into the different creation dates. This feature, as well as
the appearance of the date string, can be configured via the ERUNT.INI
file, described later in this document. If you want the registry backup
to be created directly in the folder you select, you can also simply
remove the date from the folder edit field before clicking "OK".
 
Next, select the backup options:
 
- System registry: The current system registry, usually consisting of
  the files DEFAULT, SAM, SECURITY, SOFTWARE, and SYSTEM.
 
- Current user registry: The registry files for the currently logged-on
  user, usually NTUSER.DAT and USRCLASS.DAT.
 
- Other open user registries: Sometimes Windows has a few other user
  registries in memory. Examples for this are "generic" registries,
  e.g. for user "EVERYONE", or registries of other users if you use
  Fast Task Switching in Windows XP. Check this option to backup all
  these additional user registries (if found) as well.
 
Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.
 
(Technical information: ERUNT saves only registry files which are in
use by the system. It obtains information about these files from
registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\
hivelist. Registry hives not listed there, for example those
of other users of the computer, cannot be saved by ERUNT.)
 
 
 
ERUNT command line switches
---------------------------
 
ERUNT supports command line switches with which you can perform an
automated registry backup, without user interaction. The syntax for
the ERUNT command line is as follows:
 
ERUNT DestinationFolder [sysreg] [curuser] [otherusers]
[/noconfirmdelete] [/noprogresswindow]
 
DestinationFolder is required for command line operation of ERUNT,
all other switches are optional.
 
If you specify a destination folder on the command line, ERUNT
automatically runs in "silent" mode and with default backup options
(system and current user registry). No user interaction is required,
EXCEPT the confirmation of the restore folder deletion if it exists,
or any error messages. The confirmation question can be suppressed
by using /noconfirmdelete (see below).
 
Description of the command line switches:
 
DestinationFolder
  The name of the folder where the registry backup should be saved.
  Example: C:\WINDOWS\ERDNT
  You can use the strings #Date# and #Time# anywhere in the folder
  name to have ERUNT insert the current date/time at that position.
  Example: C:\WINDOWS\ERDNT\#Date#
  Windows' %SystemRoot% environment variable can be used on the
  command line as a substitute for the name of the Windows folder.
  Example: %SystemRoot%\ERDNT\#Date#
 
sysreg
  Backup the system registry
 
curuser
  Backup the current user registry
 
otherusers
  Backup other open user registries
 
(Note: If none of the three above options is given on the command
line, ERUNT automatically uses the default backup options, system
and current user registry.)
 
/noconfirmdelete
  Automatically deletes the contents of the destination folder if it
  exists, without asking the user. BE CAREFUL and only use this option
  if you are sure that the contents of that folder may really be
  deleted!
 
/noprogresswindow
  Hides the progress window during backup.
 
So, to backup the system registry to folder C:\ERDNT each day of the
week using subfolders with the name of the current day you could use
the integrated scheduler in Windows to schedule seven different ERUNT
calls for each day:
 
For Monday you would use the command line
  C:\ERUNT\ERUNT.EXE C:\ERDNT\Monday sysreg /noconfirmdelete
 
For Tuesday you would use the command line
  C:\ERUNT\ERUNT.EXE C:\ERDNT\Tuesday sysreg /noconfirmdelete
 
... well, you get the idea.
 
Or, to have ERUNT automatically backup the registry on each Windows
startup to a folder named "ERDNT" inside the Windows folder, including
a folder named the current date, you could place a shortcut like the
following in your Start Menu/Programs/Startup folder:
 
  C:\ERUNT\ERUNT.EXE %SystemRoot%\ERDNT\#Date# /noconfirmdelete
 
If you want old restore folders created this way to be deleted
automatically from time to time, you can use AUTOBACK.EXE instead of
ERUNT.EXE. The AUTOBACK tool is described later in this document.
Also, ERUNT Setup offers the choice to add an AutoBackup shortcut to
the Startup folder automatically during the installation process.
 
 
 
The ERUNT.INI file
------------------
 
You can configure various ERUNT settings with this file, for example
change the default destination folder displayed in ERUNT's folder edit
field, or disable automatic appendation of the current date there.
 
Use Notepad to create a file named ERUNT.INI in your ERUNT folder, and
add the following line:
 
[ERUNT]
 
Below this line, enter one or more of the following configuration
options:
 
DefaultDestinationFolder
  The name of the default folder displayed in ERUNT's folder edit
  field. You may also use environment variables here, for example
  %SystemRoot% as a substitute for the name of the Windows folder.
  Default: %SystemRoot%\ERDNT
Example:
DefaultDestinationFolder=C:\ERDNT
 
AppendDateToFolderEditField
  Enable or disable automatic appendation of the current date to
  ERUNT's folder edit field.
  0=disable, 1=enable, default: 1
Example:
AppendDateToFolderEditField=0
 
AppendTimeToFolderEditField
  Enable or disable automatic appendation of the current time to
  ERUNT's folder edit field. This function can only be enabled in
  conjunction with AppendDateToFolderEditField also set to 1.
  0=disable, 1=enable, default: 0
Example:
AppendTimeToFolderEditField=1
 
DateFormat
DateSeparator
  These settings configure the appearance of the date string in
  ERUNT's folder edit field, or when #Date# is used on the command
  line. By default, ERUNT uses Windows' regional settings for the
  short date format. Note that only "." and "-" are allowed as date
  separators.
Example:
DateFormat=mm/dd/yyyy
DateSeparator=-
 
TimeFormat
TimeSeparator
  These settings configure the appearance of the time string in
  ERUNT's folder edit field, or when #Time# is used on the command
  line. By default, ERUNT uses Windows' regional settings for the
  short time format. Note that only "." and "-" are allowed as time
  separators.
Example:
TimeFormat=hh:mm:ss
TimeSeparator=.
 
DisableFastBackup
  On supported operating systems (including Windows XP and Server
  2003) ERUNT by default uses a very fast backup algorithm. If you
  experience any problems during registry backup, you can try to
  disable this function and revert back to the conventional (but slow)
  method. This setting has no effect on unsupported operating systems,
  where the conventional algorithm is always used.
  0=fast method, 1=conventional method, default: 0
Example:
DisableFastBackup=1
 
 
 
The AUTOBACK.EXE tool
---------------------
 
The command line tool AUTOBACK.EXE uses the same syntax as ERUNT but
performs the additional task of deleting old restore folders after the
new backup has been created.
 
For this to work properly, the name of the last folder in the command
line option DestinationFolder must begin with the current date, or the
#Date# string, respectively. If this is the case AUTOBACK
automatically searches the parent folder of the newly created backup
for folder names of the same date format and deletes all folders
except from the last 30 days where backups have been created.
 
The number of restore folders to keep can be changed using the /days:n
command line switch, e.g. /days:7 would only keep the folders from the
last 7 backup days.
 
By default AUTOBACK does not create a new backup if one already exists
for the current day. Use the /alwayscreate switch to change this
behavior and have the program always create a new backup.
 
AUTOBACK is dependent on ERUNT and therefore needs to be executed from
the same folder. It uses the same settings for the date format as
ERUNT does, so if you specified a new format in ERUNT.INI it will also
be used automatically by AUTOBACK.
 
 
 
Restoring the registry with ERDNT
---------------------------------
 
Situation: Windows is running normally.
 
To restore a previous registry backup, open Windows Explorer, navigate
to the folder where you saved the backup to, and double-click the
ERDNT.EXE file to start the restoration program. (Each restore folder
has its own copy of ERDNT.EXE in it.) Select which registry components
to restore, then click "OK" to start restoration. When the process is
complete, click "OK" to restart the computer and activate the restored
registry.
 
Note: If you experience any problems restoring the registry, please
read "ERDNT technical information" later in this document to learn
what ERDNT is actually doing during the process, or simply read on
through the following emergency scenarios for other ways of restoring
the registry.
 
 
 
What to do if Windows does not boot anymore?
--------------------------------------------
 
If Windows refuses to boot normally it can be for a variety of
reasons, not the least of which is that the registry is damaged, or
you installed a program or driver which is somewhat incompatible with
the system or buggy, in which case restoring a registry backup from a
point where everything was running smoothly should also help.
 
The first thing to try is to reboot and press the F8 key immediately
before the first Windows screen appears, then select the "Last Known
Good" option from the menu and see if Windows boots up with this
option. If it does, you're all set.
 
If it does not, reboot again with F8, and select the option "Safe
Mode". If Windows boots up in safe mode, you can restore a registry
backup just as you would in normal mode, as described above.
 
If safe mode also fails, read on...
 
 
 
Restoring the registry with ERDNT - Emergency Scenario I
--------------------------------------------------------
 
Situation: Windows fails to boot up in normal and safe mode, but you
have a DOS boot disk or another (working) operating system installed
on your PC which is supported by the ERDNT restoration program, and
from which you have full access to the drive(s) containing the corrupt
Windows installation and the registry backup.
 
Boot up to the working OS, and open the folder containing the registry
backup you want to restore.
 
If the drive letters are different to as they were in the Windows
where you created the registry backup, you need to edit the ERDNT.INF
file now to reflect the new drive letters, before trying to restore
the registry backup. For example, if the drive with the corrupt
Windows installation is now available as D: instead of C:, then you
would change all C:\... references in the INF file to D:\... . Editing
the file can be done in Windows with the Notepad program, and in DOS
with the EDIT command.
 
Now run the ERDNT.EXE file to start the restoration program. Select
which registry components to restore (just the system registry will do
in most cases), then start restoration. When the process is complete,
reboot the computer and check if the other Windows installation is
repaired now.
 
 
 
Restoring the registry with ERDNT - Emergency Scenario II
---------------------------------------------------------
 
Situation: Windows fails to boot up in normal and safe mode, and you
have no other working operating system installed on your PC.
 
The following two rescue methods require that your PC is configured so
that it can boot from CD. See your BIOS documentation for more
information.
 
1. Bart's PE Builder
Use another computer with Internet access and CD burning capabilities
to download this free program from the Internet (do a Google search
for it), which will create a bootable Windows CD with full access to
all drives (including NTFS). Boot from this CD, open the File
Management Utility and follow the directions in "Emergency Scenario I"
to run ERDNT and restore the registry.
 
2. The Windows Recovery Console (Windows 2000 and higher)
Note that you can use this method only if you saved the registry
backup inside the Windows folder, and that using this procedure only
the system registry is restored. This should however get you back into
Windows, from where you can run the ERDNT program to restore user
registries, if necessary.
- Boot your system from the Windows 2000/2003/XP CD-ROM.
- At the welcome screen, press "R" (Windows 2000: "R" then "C").
- Type in the number of the Windows installation you want to repair
  (usually 1), then press ENTER.
- Type in the Administrator password (leave blank if you are unsure
  what it is) and press ENTER.
- At the command prompt type
    cd erdnt
  or whatever you named your restore folder, then press ENTER.
- If you enabled automatic registry backup on system boot during ERUNT
  installation and want to restore one of these backups, type
    cd autobackup <ENTER>
- If you created subfolders for different registry backups (for
  example, with the different creation dates), type
    dir <ENTER>
  to see a list of available folders, then type
    cd foldername <ENTER>
  where foldername is the name of a folder listed by the dir command,
  to open that folder.
- Now type
    batch erdnt.con <ENTER>
  to restore the system registry from that folder.
- Type
    exit <ENTER>
  and remove the CD from the CD-ROM drive. The system will now reboot
  with the restored registry.
 
 
 
ERDNT technical information
---------------------------
 
ERDNT knows two restoration modes. The right mode is usually auto-
detected each time ERDNT is run, but read on if you are experiencing
problems restoring the registry.
 
"NT" mode is used if you run the ERDNT program from within the same
system where you made the backup. This is determined by looking at the
[systemRoot] entry in the ERDNT.INF file and comparing it to the
actual %SystemRoot% environment variable. Using "NT" mode is the only
way to successfully restore the active registry of the currently
running OS.
 
"File copy" mode is used if the currently running OS is NOT NT-based,
or if the [systemRoot] entry does not match the %SystemRoot%
environment variable. In this mode the backed up registry files are
simply copied back to their original location.
 
MS-DOS based ERDNT only supports "File copy" mode.
 
Note: In restoration mode "NT" backups of the current registry files
are automatically created, so that option is grayed out. In
restoration mode "File copy" all saved user registries are
automatically restored, so you cannot choose between "current user"
and "other user" registries.
 
The backups of the current registry files are placed in the same
location as the original and are given the extension ".bak".
 
Experienced users don't even need to use the ERDNT program in other
operating systems to restore a registry backup. Given access to the
appropriate files and folders, the backed up files can simply be
copied back to their original location, as that is all ERDNT does
in "File copy" mode anyway. Have a look at the ERDNT.INF file to
find out what the original file locations are.
 
 
 
ERDNT command line switches
---------------------------
 
The ERDNT program also supports command line switches for "silent"
operation. The syntax for the ERDNT command line is:
 
ERDNT silent [sysreg] [curuser] [otherusers]
[/mode:nt|filecopy] [/nobackup] [/noprogresswindow] [/reboot]
 
(Switches in brackets are optional.)
 
Description of the command line switches:
 
silent
  Puts ERDNT into "silent" mode and enables all other switches.
 
sysreg
  Restore the system registry
 
curuser *
  Restore the current user registry
  (This option is ignored in "File copy" restoration mode.)
 
otherusers
  Restore other saved user registries
 
(Note: If none of the three above options is given on the command
line, ERDNT automatically uses the default restoration options, system
and current user registry.)
 
/mode:nt or /mode:filecopy *
  Disables automatic detection of the correct restoration mode and
  uses mode "NT" or "File copy" instead.
 
/nobackup
  Don't make backups of the current registry files during restoration.
  (This switch is ignored in "NT" restoration mode.)
 
/noprogresswindow
  Hides the progress window during restoration.
 
/reboot *
  Automatically reboots the computer when restoration of the registry
  is complete.
 
* = Not supported in the DOS version of ERDNT.
 
 
 
Optimizing the registry with NTREGOPT
-------------------------------------
 
Similar to Windows 9x/Me, the registry files in an NT-based system
can become fragmented over time, occupying more space on your hard
disk than necessary and decreasing overall performance. You should
use the NTREGOPT utility regularly, but especially after installing
or uninstalling a program, to minimize the size of the registry files
and optimize registry access.
 
The program works by recreating each registry hive "from scratch",
thus removing any slack space that may be left from previously
modified or deleted keys.
 
Note that the program does NOT change the contents of the registry in
any way, nor does it physically defrag the registry files on the drive
(as the PageDefrag program from SysInternals does). The optimization
done by NTREGOPT is simply compacting the registry hives to the
minimum size possible.
 
To optimize your registry, simply run NTREGOPT, click "OK", and when
the process is complete click "OK" to reboot the computer. You should
do so immediately because any changes made to the registry after
NTREGOPT has been run are lost after the reboot.
 
 
 
NTREGOPT command line switches
------------------------------
 
The syntax for the NTREGOPT command line is:
 
NTREGOPT silent [/noprogresswindow] [/reboot]
 
(Switches in brackets are optional.)
 
Description of the command line switches:
 
silent
  Puts NTREGOPT into "silent" mode and enables the other switches.
 
/noprogresswindow
  Hides the progress window during optimization.
 
/reboot
  Automatically reboots the computer when optimization of the registry
  is complete.
 
 
 
Known problems
--------------
 
ERUNT and NTREGOPT sometimes fail with error 1450 - "Insufficient
system resources exist to complete the requested service" - when
trying to save a registry hive. I have not yet been able to reproduce
this error on any PC, and reports from affected users indicate that it
also pops up when trying to back up the critical hive using
Microsoft's REGBACK program. This makes it unlikely that there is
anything I can do on my (the programmer's) side. Some users reported
however that they were able to work around the problem by running
ERUNT/NTREGOPT in Windows' safe mode, and in one case uninstalling a
Symantec software suite solved it permanently. One user reported that
increasing the "IRPStackSize" value as described in Microsoft
Knowledge Base article 177078 fixed the problem on his system.
 
When the system is rebooted after a restoration of the registry with
ERDNT or optimization with NTREGOPT, Windows Server 2003 will by
default display the shutdown event tracker during logon asking why the
system has been shut down unexpectedly. This is because the info that
the shutdown was in fact an expected one is written to the "old"
registry during shutdown of the system which is replaced by the
restored/optimized registry next time the system is booted, and
therefore the shutdown info is discarded and shutdown event tracker
thinks the system crashed. You may want to disable the tracker to
avoid this message in the future (see the Windows help for information
on how to do this).
 
If you experience any other problems, please email me at
lars.hederer@t-online.de with a detailed description and I will see if
I can help you.
 
 
 
Localization
------------
 
You can translate all programs from this package into your language by
editing the appropriate .LOC file.
 
Keep in mind that the LOC files of the three Windows programs (ERUNT,
ERDNTWIN, NTREGOPT) should be edited using a Windows based editor
(Notepad), and ERDNTDOS.LOC using an MS-DOS based editor (EDIT.COM).
This is to ensure that any OEM characters are displayed correctly in
the program.
 
If your language is not yet present on my homepage and you want your
localization to be available to the general public, you are welcome to
send the four translated files to me. I will then make them available
for download, with credits of course.
 
I have included a German language pack. If you want to use the program
in German, simply unzip LOC_GER.ZIP into your ERUNT folder.
 
 
 
Version history
---------------
 
v1.1j, 10/20/2005
- Fixed compatibility issues with 64-bit Windows (many thanks to
  Ian Smith and Hajo for all testing)
- Enhanced error messages
- AutoBackup now supports all date formats
- ERUNT.INI: "TimeSeparator" fixed; "DefaultDestinationFolder" now
  supports all environment variables (previously only %SystemRoot%
  could be used)
- ERDNT now displays the source Windows folder in addition to the
  backup's creation date
 
v1.1i, 08/17/2005
- AutoBackup: Improved support for complex date formats
- NTREGOPT: Optimization results are now calculated correctly when
  optimization failed on one or more hives
 
v1.1h, 03/06/2005
- Updated homepage address
- New ERUNT.INI option: AppendTimeToFolderEditField
- Fixed a problem where the current user registry could not be
  identified on some systems
- Changed behavior of AutoBackup's /days:n switch
 
v1.1g, 11/02/2004
- ERUNT is now MUCH faster on Windows XP and Server 2003
- Added time string support on the command line
- AutoBackup now by default skips creating a backup for the current
  day if one already exists
 
v1.1f, 08/26/2004
- Added AUTOBACK.EXE command line tool for automated registry backup
  and deletion of old restore folders created prior to a specific
  number of days
- Window position is now screen center instead of desktop center,
  fixing display problem when using multiple monitors (thanks John :)
 
v1.1e, 07/31/2004
- Appearance of the date string can be configured via ERUNT.INI
- NTREGOPT: Optimization results: use thousand separator
 
v1.1d, 07/07/2004
- Optimized error handling
- Combined DOS and Windows ERDNT into a single Win32 executable,
  fixing problems with the previous 16-bit exe stub on some systems
  and with BartPE
- Added Windows Recovery Console support with ERDNT batch file
- Default destination folder can now be configured via file ERUNT.INI,
  replacing #DestinationFolder command line option
- Changed the default destination folder to be inside the Windows
  folder, for easy recovery console access
- New folder named the current date is automatically appended to
  destination folder (can be disabled in ERUNT.INI)
- Rewrote major parts of the documentation
 
v1.1c, 05/10/2004
- Fixed problems with dynamic disks
- Added browse function for destination folder, as well as the option
  to change the default name (use #DestinationFolder on the command
  line)
- Re-added support for Windows NT 3.51 (got lost with v1.1) except
  browse function
 
v1.1b, 04/23/2004
- ERUNT and NTREGOPT are now compatible with Windows Server 2003 and
  Windows XP Service Pack 2
- Fixed a problem where the registry hives could not be
  saved/restored/optimized on some systems
- Changed naming convention for user subfolders in the ERDNT folder
 
v1.1a, 10/03/2002
- Fixed a problem where the registry hives could not be
  saved/restored/optimized on some systems
 
v1.1, 09/25/2002
- Fixed "Invalid pointer operation" message which occurred on some
  systems (many thanks to Russ Cordner for his assistance in isolating
  the problem)
- Fixed "Error opening localization file" message when ERUNT.EXE was
  called from outside the ERUNT folder
- Fixed some problems with UNC path names
- Added command line support for ERDNT and NTREGOPT
- NTREGOPT: show optimization results (initial and new registry size)
 
v1.0, 11/24/2001
- Initial release
 
 
 
Distribution
------------
 
The ERUNT package (including the programs ERUNT, AUTOBACK, ERDNT and
NTREGOPT) is freeware. Please pass it to anyone who you think may find
it useful.
 
I explicitly allow this package to be included in any file archive,
CD-ROM or other media collection as well as usage in your own programs
provided that all files are kept and remain unchanged. A quick note
via e-mail where my program has been included is appreciated.
 
 
 
Donations
---------
 
Though I chose to make my programs freeware so that no one is required
to pay for using them, I accept and appreciate donations. So, if you
find my programs helpful and want to support further development,
simply visit my homepage and click one of the "PayPal" buttons, or
donate directly to my e-mail address via PayPal. Thanks in advance!
 
If you live in Germany and want to make a donation, you may also
transfer money directly to my bank account. Contact me for more
information.
 
 
 
Disclaimer
----------
 
Use this software at your own risk. I do not take responsibility for
anything that might happen to you or the PC upon use of my programs,
including but not limited to: registry destruction, hard disk crash,
heart attack...
 
Comments and suggestions via e-mail, however, are always welcome!
 
MBAM:__________________________________________________________________________________________________________
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/15/2014
Scan Time: 9:50:06 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.16.02
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: nate
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318742
Time Elapsed: 20 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-1022412237-4134323410-1441852971-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.yahoo.com/?type=586383&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (http://search.yahoo.com/?type=586383&fr=spigot-yhp-ie),Replaced,[2351574806752e08b4cbafe83cc80af6]
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Spigot.A, C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.yahoo.com/?type=586383&fr=spigot-yhp-ff");), Replaced,[bcb8930cc5b626101f82b8182ed6a65a]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ROGUEKILLER:________________________________________________________________________________________________________
 
RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : nate [Admin rights]
Mode : Scan -- Date : 07/15/2014  22:31:47
 
¤¤¤ Bad processes : 2 ¤¤¤
[suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll[-] -> UNLOADED
[suspicious.Path] explorer.exe -- C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll[-] -> UNLOADED
 
¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 4 (Driver: LOADED) ¤¤¤
[EAT:Addr] (explorer.exe) WTSAPI32.dll - DllCanUnloadNow : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fefadf2350
[EAT:Addr] (explorer.exe) WTSAPI32.dll - DllGetClassObject : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fefadf2130
[EAT:Addr] (explorer.exe) WTSAPI32.dll - DllRegisterServer : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fefadf1f70
[EAT:Addr] (explorer.exe) WTSAPI32.dll - DllUnregisterServer : C:\Program Files (x86)\Google\Drive\googledrivesync64.dll @ 0x7fefadf2060
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST320LT007-9ZV142 +++++
--- User ---
[MBR] e24043ac1ebdcdd8e91002d173315f79
[bSP] b002acaee9e3af0ee23a58f6a009ebee : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 288043 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 592371712 | Size: 16000 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_05312014_004712.log - RKreport_DEL_06062014_092343.log - RKreport_DEL_06082014_210327.log - RKreport_DEL_06142014_221022.log
RKreport_DEL_06172014_065637.log - RKreport_DEL_06182014_123948.log - RKreport_DEL_06212014_091441.log - RKreport_DEL_06302014_070804.log
RKreport_DEL_06302014_071122.log - RKreport_DEL_07072014_085838.log - RKreport_DEL_07152014_155411.log - RKreport_SCN_05312014_004533.log
RKreport_SCN_06062014_092151.log - RKreport_SCN_06082014_210223.log - RKreport_SCN_06142014_161913.log - RKreport_SCN_06172014_065125.log
RKreport_SCN_06182014_123100.log - RKreport_SCN_06202014_001517.log - RKreport_SCN_06212014_090716.log - RKreport_SCN_06212014_170908.log
RKreport_SCN_06302014_070756.log - RKreport_SCN_06302014_071055.log - RKreport_SCN_07072014_085820.log - RKreport_SCN_07152014_154524.log
 

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Hey, I'm not sure you read my personal message to you, but I won't be here this weekend starting today until Monday. I just wanted to let you know so you don't delete my forum post and you don't think I'm abandoning you before we're done cleaning. I really need your help so please don't delete my post! 

 

Thanks again!

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by nate on Wed 07/16/2014 at 13:06:38.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/16/2014 at 13:15:52.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.215 - Report created 16/07/2014 at 13:39:15
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : nate - NATHANS
# Running from : C:\Users\nate\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [31507 octets] - [18/03/2014 20:51:46]
AdwCleaner[R1].txt - [1113 octets] - [14/04/2014 17:36:10]
AdwCleaner[R2].txt - [1203 octets] - [08/05/2014 12:16:43]
AdwCleaner[R3].txt - [1251 octets] - [22/05/2014 12:44:27]
AdwCleaner[R4].txt - [1419 octets] - [01/06/2014 01:01:15]
AdwCleaner[R5].txt - [1492 octets] - [02/06/2014 19:21:26]
AdwCleaner[R6].txt - [1544 octets] - [16/07/2014 13:32:09]
AdwCleaner[s0].txt - [32193 octets] - [18/03/2014 20:56:56]
AdwCleaner[s1].txt - [1177 octets] - [14/04/2014 17:38:53]
AdwCleaner[s2].txt - [1267 octets] - [08/05/2014 12:27:40]
AdwCleaner[s3].txt - [1313 octets] - [22/05/2014 16:34:00]
AdwCleaner[s4].txt - [1632 octets] - [01/06/2014 01:08:50]
AdwCleaner[s5].txt - [1465 octets] - [16/07/2014 13:39:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [1525 octets] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/16/2014
Scan Time: 1:45:49 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.16.08
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: nate
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318817
Time Elapsed: 42 min, 38 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET SCAN
 
 
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll a variant of Win64/Sathurbot.A trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmp1952.exe Win64/Simda.A trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmp26AF.exe a variant of Win32/TrojanDropper.Agent.QMS trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmp351B.exe Win32/TrojanDownloader.Agent.AGV trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmp50BE.exe a variant of Win32/Kryptik.CCOZ trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmp5BC4.exe Win32/VB.RNV trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmp872B.exe a variant of Win32/Injector.BEOU trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmp8DB4.exe Win32/Boaxxe.BQ trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmp91B9.exe a variant of Win32/Injector.BHHD trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmp9F20.exe Win32/Boaxxe.BB trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpA64B.exe Win32/TrojanDownloader.Agent.AGV trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpA9C5.exe a variant of Win32/Injector.BEJL trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpBDBF.exe Win32/Boaxxe.BR trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpDB16.exe Win32/Boaxxe.BR trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpE377.exe Win32/Simda.B trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpE948.exe a variant of Win32/Injector.BEXV trojan
C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpEA7E.exe Win32/Boaxxe.BQ trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM124.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM127.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM42.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM44.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO10.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage28.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Microsoft\Crypto\RSA64\rsa64.dll a variant of Win64/Sathurbot.A trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmp1952.exe Win64/Simda.A trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmp26AF.exe a variant of Win32/TrojanDropper.Agent.QMS trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmp351B.exe Win32/TrojanDownloader.Agent.AGV trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmp50BE.exe a variant of Win32/Kryptik.CCOZ trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmp5BC4.exe Win32/VB.RNV trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmp872B.exe a variant of Win32/Injector.BEOU trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmp8DB4.exe Win32/Boaxxe.BQ trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmp91B9.exe a variant of Win32/Injector.BHHD trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmp9F20.exe Win32/Boaxxe.BB trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmpA64B.exe Win32/TrojanDownloader.Agent.AGV trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmpA9C5.exe a variant of Win32/Injector.BEJL trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmpBDBF.exe Win32/Boaxxe.BR trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmpDB16.exe Win32/Boaxxe.BR trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmpE377.exe Win32/Simda.B trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmpE948.exe a variant of Win32/Injector.BEXV trojan
C:\Users\All Users\Microsoft\Crypto\RSA64\temp\tmpEA7E.exe Win32/Boaxxe.BQ trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM124.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM127.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM42.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM44.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO10.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage28.zip Win32/Bagle.gen.zip worm
C:\Users\nate\AppData\Local\Iqczsoft\hpfpre06.dll Win32/Boaxxe.BE trojan
C:\Users\nate\AppData\Local\Iqczsoft\mainMenuScript.dll Win32/Boaxxe.BE trojan
C:\Users\nate\AppData\Local\Iqczsoft\MFCANS32.dll Win32/Boaxxe.BE trojan
C:\Users\nate\AppData\Local\Iqczsoft\Xaudio.dll Win32/Boaxxe.BE trojan
C:\Users\nate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72D0GZD1\yontoosetup[1].exe multiple threats
C:\Users\nate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L8WKB0QU\landing[1].htm HTML/Iframe.B.Gen virus
C:\Users\nate\AppData\Local\Temp\478.tmp Win64/Simda.A trojan
C:\Users\nate\AppData\Local\Temp\6FAB.tmp Win64/Simda.A trojan
C:\Users\nate\AppData\Local\Temp\D695.tmp Win64/Simda.A trojan
C:\Users\nate\AppData\Local\Temp\FF41.tmp Win64/Simda.A trojan
C:\Users\nate\AppData\Local\Temp\SE8295.tmp.dll a variant of Win64/Kryptik.FI trojan
C:\Users\nate\AppData\Local\Temp\SE97B6.tmp.dll a variant of Win64/Kryptik.FI trojan
C:\Users\nate\AppData\Local\Temp\SECAB6.tmp.dll a variant of Win64/Kryptik.FI trojan
C:\Users\nate\AppData\Local\Temp\SEDED3.tmp.dll a variant of Win64/Kryptik.FI trojan
C:\Users\nate\AppData\Roaming\winter.exe Win32/VB.RNV trojan
C:\Users\nate\AppData\Roaming\wintt.exe Win32/VB.RNV trojan
C:\Users\nate\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe a variant of Win32/TrojanDropper.Agent.QMS trojan
 
 
 
FRST SCAN:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by nate (administrator) on NATHANS on 17-07-2014 06:22:29
Running from C:\Users\nate\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Lenovo) C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe
(Spotify Ltd) C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\nate\AppData\Roaming\Spotify\spotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\nate\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcupdmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2010-12-09] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2907448 2012-07-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1659976 2011-06-23] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [Facebook Update] => "C:\Users\nate\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [Google Update] => C:\Users\nate\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-09] (Google Inc.)
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [spotify Web Helper] => C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-06] (Spotify Ltd)
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [968830F47F5DCD5F4AABA40836FED0EF18F9C861._service_run] => C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [spotify] => C:\Users\nate\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-07-06] (Spotify Ltd)
HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\MountPoints2: {c89f4fc6-c387-11e0-81f4-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\nate\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {9C0639F2-C2ED-4814-9CB3-C69D0260197C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {9C0639F2-C2ED-4814-9CB3-C69D0260197C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {BA709092-8FBD-4A89-9097-24CAEFAA681B} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110822153405.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121011162822.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3DC09B79-918A-42B2-B483-BA54A14AF754}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{51FEEEDE-6494-4CCD-B694-EF71E60C070E}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{E48734B3-E360-4981-A7A9-8AEA12DB3038}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default
FF DefaultSearchEngine: search
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: search
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U164HD&PC=U164H&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\nate\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\nate\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\nate\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\nate\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\nate\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\nate\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\nate\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\nate\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default\searchplugins\yahoo_ff.xml
FF Extension: SvcVwr 1.0 Object - C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default\Extensions\{863C56C3-D45C-95C1-DF5F-6944590C9551} [2014-06-12]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-10]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-09-06]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Drive) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (YouTube) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-08]
CHR Extension: (Google Search) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-08]
CHR Extension: (AdBlock) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-08]
CHR Extension: (Google Wallet) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-08]
CHR Extension: (Gmail) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-08]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\nate\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-11-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-06] (Lenovo Group Limited)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [501768 2011-06-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-03-13] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-03-13] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-07-12] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65128 2011-03-13] (McAfee, Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-06-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [156792 2011-03-13] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [227856 2011-03-13] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481376 2011-03-13] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [639216 2011-03-13] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-03-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [281928 2011-03-13] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-08-10] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2012-07-05] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-17 06:22 - 2014-07-17 06:22 - 00029875 _____ () C:\Users\nate\Desktop\FRST.txt
2014-07-17 06:19 - 2014-07-17 06:19 - 02086912 _____ (Farbar) C:\Users\nate\Desktop\FRST64.exe
2014-07-17 06:18 - 2014-07-17 06:18 - 00006106 _____ () C:\Users\nate\Desktop\eset scan.txt
2014-07-16 14:45 - 2014-07-16 14:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-16 14:34 - 2014-07-16 14:45 - 00000000 ___HD () C:\Windows\AxInstSV
2014-07-16 14:30 - 2014-07-16 14:31 - 02347384 _____ (ESET) C:\Users\nate\Desktop\esetsmartinstaller_enu.exe
2014-07-16 13:47 - 2014-07-16 13:47 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 13:43 - 2014-07-16 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-16 13:16 - 2014-07-16 13:17 - 01348263 _____ () C:\Users\nate\Desktop\AdwCleaner.exe
2014-07-16 13:16 - 2014-07-16 13:16 - 00000632 _____ () C:\Users\nate\Desktop\forum post 2.txt
2014-07-16 13:15 - 2014-07-16 13:15 - 00000632 _____ () C:\Users\nate\Desktop\JRT.txt
2014-07-16 13:05 - 2014-07-16 13:05 - 01016261 _____ (Thisisu) C:\Users\nate\Desktop\JRT.exe
2014-07-15 22:17 - 2014-07-15 23:06 - 00077802 _____ () C:\Users\nate\Desktop\forum post 1.txt
2014-07-15 21:46 - 2014-07-15 21:46 - 00000899 _____ () C:\Users\nate\Desktop\NTREGOPT.lnk
2014-07-15 21:46 - 2014-07-15 21:46 - 00000880 _____ () C:\Users\nate\Desktop\ERUNT.lnk
2014-07-15 21:46 - 2014-07-15 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-15 21:46 - 2014-07-15 21:46 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-15 21:45 - 2014-07-15 21:45 - 00791393 _____ (Lars Hederer ) C:\Users\nate\Desktop\erunt-setup.exe
2014-07-15 21:40 - 2014-07-15 21:43 - 00003192 _____ () C:\Users\nate\Desktop\Rkill.txt
2014-07-15 21:38 - 2014-07-15 21:38 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\nate\Desktop\rkill.exe
2014-07-15 15:21 - 2014-07-15 22:18 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-15 15:20 - 2014-07-15 15:20 - 05336664 _____ () C:\Users\nate\Desktop\RogueKillerX64 (3).exe
2014-07-14 23:30 - 2014-07-15 16:24 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Nycaeg
2014-07-10 09:14 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 09:14 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 09:14 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 09:14 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 09:14 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 09:14 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 09:14 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 09:14 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 09:14 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 09:14 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 09:14 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 09:14 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 09:14 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 09:14 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 09:14 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:14 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 09:14 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 09:14 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 09:14 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 09:14 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 09:14 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 09:14 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 09:14 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 09:14 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 09:14 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 09:14 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 09:14 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 09:14 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 09:14 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 09:14 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 09:14 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 09:14 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 09:14 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 09:14 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 09:14 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 09:14 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 09:14 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 09:14 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 09:14 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 09:14 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 09:14 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 09:14 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 09:14 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 09:14 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 09:14 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 09:14 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 09:14 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 09:13 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 09:13 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 09:13 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 09:13 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 09:13 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:13 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 09:13 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 09:13 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 09:13 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 06:29 - 2014-07-10 06:30 - 09990477 _____ () C:\Users\nate\Downloads\'Merica.pptx
2014-07-10 04:35 - 2014-07-10 04:36 - 09271339 _____ () C:\Users\nate\Downloads\The Chair Skit 2 (1).m4a
2014-07-10 04:07 - 2014-07-13 15:25 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Hewovyz
2014-07-10 03:55 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 03:55 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 03:53 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 03:53 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 03:53 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 03:50 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 03:50 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 03:50 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 03:50 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 03:50 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 03:50 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 03:50 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 03:50 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 03:50 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 03:50 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 03:50 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 03:50 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 03:50 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 03:50 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 03:50 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 03:50 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 03:50 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 03:48 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 03:48 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 03:48 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 03:24 - 2014-07-10 03:24 - 00142704 _____ () C:\Users\nate\Downloads\Worship Taiwan.pptx
2014-07-07 02:13 - 2014-07-07 02:13 - 00028672 _____ () C:\Users\nate\AppData\Roaming\wintt.exe
2014-07-07 02:13 - 2014-07-07 02:13 - 00028672 _____ () C:\Users\nate\AppData\Roaming\winter.exe
2014-07-06 07:05 - 2014-07-10 08:49 - 00000000 ____D () C:\Users\nate\Desktop\Ben Pix
2014-07-06 04:05 - 2014-07-10 09:58 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Yvanyt
2014-07-04 08:50 - 2014-07-04 08:50 - 00017799 _____ () C:\Users\nate\Desktop\Hello love.jpeg
2014-06-25 11:42 - 2014-07-06 02:55 - 00000000 ____D () C:\Users\nate\Desktop\Tim and Ben worship Taiwan
2014-06-22 13:14 - 2014-06-30 06:23 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Eselqu
2014-06-21 17:12 - 2014-06-21 17:13 - 09271339 _____ () C:\Users\nate\Downloads\The Chair Skit 2.m4a
2014-06-21 09:51 - 2014-06-21 09:55 - 00043368 _____ () C:\Users\nate\Downloads\Addition.txt
2014-06-21 09:50 - 2014-07-17 06:22 - 00000000 ____D () C:\FRST
2014-06-21 09:50 - 2014-06-21 09:55 - 00066374 _____ () C:\Users\nate\Downloads\FRST.txt
2014-06-20 16:39 - 2014-06-20 16:39 - 03238523 _____ () C:\Users\nate\Downloads\Chinese Training Materials (2).pptx
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-06-19 23:46 - 2014-07-05 23:16 - 00000000 ____D () C:\Windows\pss
2014-06-17 07:31 - 2014-07-16 13:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 07:30 - 2014-06-17 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-17 07:30 - 2014-06-17 07:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 07:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
 
==================== One Month Modified Files and Folders =======
 
2014-07-17 06:23 - 2014-07-17 06:22 - 00029875 _____ () C:\Users\nate\Desktop\FRST.txt
2014-07-17 06:22 - 2014-06-21 09:50 - 00000000 ____D () C:\FRST
2014-07-17 06:21 - 2011-10-05 18:34 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Spotify
2014-07-17 06:19 - 2014-07-17 06:19 - 02086912 _____ (Farbar) C:\Users\nate\Desktop\FRST64.exe
2014-07-17 06:18 - 2014-07-17 06:18 - 00006106 _____ () C:\Users\nate\Desktop\eset scan.txt
2014-07-17 06:12 - 2014-05-08 12:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 06:11 - 2012-10-15 12:13 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Dropbox
2014-07-17 05:54 - 2012-01-09 22:42 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000UA.job
2014-07-17 05:36 - 2012-09-24 22:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 04:06 - 2011-08-23 00:26 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000UA.job
2014-07-16 23:38 - 2011-08-10 12:39 - 02086246 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 22:30 - 2011-11-11 20:12 - 00000000 ____D () C:\Users\nate\AppData\Local\PMB Files
2014-07-16 22:06 - 2011-08-23 00:25 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000Core.job
2014-07-16 22:03 - 2012-01-09 22:42 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1022412237-4134323410-1441852971-1000Core.job
2014-07-16 22:00 - 2011-11-11 20:12 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-16 21:58 - 2009-07-13 22:13 - 00786646 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 16:00 - 2011-08-17 01:15 - 00003488 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-07-16 16:00 - 2011-08-17 01:15 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-07-16 16:00 - 2011-08-17 01:15 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-07-16 14:45 - 2014-07-16 14:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-16 14:45 - 2014-07-16 14:34 - 00000000 ___HD () C:\Windows\AxInstSV
2014-07-16 14:31 - 2014-07-16 14:30 - 02347384 _____ (ESET) C:\Users\nate\Desktop\esetsmartinstaller_enu.exe
2014-07-16 14:07 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 14:07 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 13:47 - 2014-07-16 13:47 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 13:45 - 2014-06-17 07:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 13:43 - 2014-07-16 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-16 13:43 - 2014-05-15 10:18 - 00000000 ____D () C:\Users\nate\AppData\Roaming\DropboxMaster
2014-07-16 13:43 - 2012-10-15 12:16 - 00000000 ___RD () C:\Users\nate\Dropbox
2014-07-16 13:41 - 2012-09-24 22:38 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 13:41 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 13:41 - 2009-07-13 21:51 - 00076426 _____ () C:\Windows\setupact.log
2014-07-16 13:40 - 2014-06-08 21:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-16 13:40 - 2010-11-20 20:47 - 00306752 _____ () C:\Windows\PFRO.log
2014-07-16 13:39 - 2014-03-18 20:51 - 00000000 ____D () C:\AdwCleaner
2014-07-16 13:17 - 2014-07-16 13:16 - 01348263 _____ () C:\Users\nate\Desktop\AdwCleaner.exe
2014-07-16 13:16 - 2014-07-16 13:16 - 00000632 _____ () C:\Users\nate\Desktop\forum post 2.txt
2014-07-16 13:15 - 2014-07-16 13:15 - 00000632 _____ () C:\Users\nate\Desktop\JRT.txt
2014-07-16 13:05 - 2014-07-16 13:05 - 01016261 _____ (Thisisu) C:\Users\nate\Desktop\JRT.exe
2014-07-15 23:06 - 2014-07-15 22:17 - 00077802 _____ () C:\Users\nate\Desktop\forum post 1.txt
2014-07-15 22:20 - 2014-04-14 17:27 - 00000000 ____D () C:\Users\nate\AppData\Local\CrashDumps
2014-07-15 22:18 - 2014-07-15 15:21 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-15 21:46 - 2014-07-15 21:46 - 00000899 _____ () C:\Users\nate\Desktop\NTREGOPT.lnk
2014-07-15 21:46 - 2014-07-15 21:46 - 00000880 _____ () C:\Users\nate\Desktop\ERUNT.lnk
2014-07-15 21:46 - 2014-07-15 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-15 21:46 - 2014-07-15 21:46 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-15 21:45 - 2014-07-15 21:45 - 00791393 _____ (Lars Hederer ) C:\Users\nate\Desktop\erunt-setup.exe
2014-07-15 21:43 - 2014-07-15 21:40 - 00003192 _____ () C:\Users\nate\Desktop\Rkill.txt
2014-07-15 21:38 - 2014-07-15 21:38 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\nate\Desktop\rkill.exe
2014-07-15 16:30 - 2010-11-21 00:16 - 00000000 ____D () C:\Windows\ShellNew
2014-07-15 16:24 - 2014-07-14 23:30 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Nycaeg
2014-07-15 16:24 - 2014-06-08 21:11 - 00000000 ____D () C:\Users\nate\Desktop\mbar
2014-07-15 15:20 - 2014-07-15 15:20 - 05336664 _____ () C:\Users\nate\Desktop\RogueKillerX64 (3).exe
2014-07-14 23:45 - 2014-04-12 09:48 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-07-14 23:08 - 2013-05-18 12:14 - 00000000 ____D () C:\Users\nate\AppData\Local\Spotify
2014-07-13 15:25 - 2014-07-10 04:07 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Hewovyz
2014-07-13 15:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-07-10 14:50 - 2014-03-28 12:29 - 00000000 ____D () C:\Users\nate\AppData\Local\Iqczsoft
2014-07-10 12:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 12:12 - 2009-07-13 21:45 - 05001936 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 12:10 - 2014-05-09 03:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 12:10 - 2010-11-21 00:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 12:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 12:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 12:07 - 2012-01-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 12:06 - 2013-07-18 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 12:03 - 2011-08-27 10:49 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 09:58 - 2014-07-06 04:05 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Yvanyt
2014-07-10 09:58 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system
2014-07-10 08:49 - 2014-07-06 07:05 - 00000000 ____D () C:\Users\nate\Desktop\Ben Pix
2014-07-10 06:30 - 2014-07-10 06:29 - 09990477 _____ () C:\Users\nate\Downloads\'Merica.pptx
2014-07-10 04:36 - 2014-07-10 04:35 - 09271339 _____ () C:\Users\nate\Downloads\The Chair Skit 2 (1).m4a
2014-07-10 03:24 - 2014-07-10 03:24 - 00142704 _____ () C:\Users\nate\Downloads\Worship Taiwan.pptx
2014-07-10 03:18 - 2012-09-24 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-10 03:13 - 2014-05-08 12:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 03:13 - 2014-05-08 12:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 03:13 - 2014-05-08 12:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 19:21 - 2014-03-26 11:34 - 00000000 ____D () C:\Users\nate\Documents\Taiwan Missions
2014-07-07 03:32 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-07 02:13 - 2014-07-07 02:13 - 00028672 _____ () C:\Users\nate\AppData\Roaming\wintt.exe
2014-07-07 02:13 - 2014-07-07 02:13 - 00028672 _____ () C:\Users\nate\AppData\Roaming\winter.exe
2014-07-06 15:11 - 2011-08-17 01:18 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Adobe
2014-07-06 15:03 - 2011-08-17 01:15 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-06 15:03 - 2011-08-10 13:03 - 00000000 ____D () C:\Windows\delnis
2014-07-06 02:55 - 2014-06-25 11:42 - 00000000 ____D () C:\Users\nate\Desktop\Tim and Ben worship Taiwan
2014-07-05 23:16 - 2014-06-19 23:46 - 00000000 ____D () C:\Windows\pss
2014-07-05 23:16 - 2012-04-16 10:48 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-07-05 23:16 - 2012-01-12 20:59 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-05 23:16 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\restore
2014-07-05 23:16 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-07-05 23:16 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-07-05 23:16 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-05 23:16 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-07-05 23:16 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-07-05 23:16 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-07-05 23:16 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-05 23:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-07-05 23:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\InstallShield
2014-07-05 23:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-07-05 23:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\servicing
2014-07-05 23:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\IME
2014-07-05 23:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Cursors
2014-07-05 23:15 - 2014-06-06 09:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-05 23:15 - 2014-05-31 00:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-05 23:15 - 2014-02-06 21:47 - 00000000 ____D () C:\Users\nate\Documents\iTools
2014-07-05 23:15 - 2014-01-27 18:11 - 00000000 ____D () C:\Users\nate\AppData\Roaming\BitTorrent
2014-07-05 23:15 - 2013-04-14 15:44 - 00000000 ____D () C:\Users\nate\Documents\StarCraft II
2014-07-05 23:15 - 2013-02-12 18:56 - 00000000 ____D () C:\Program Files (x86)\NoteWorthy Composer
2014-07-05 23:15 - 2013-02-07 09:42 - 00000000 ____D () C:\Users\nate\Documents\Church
2014-07-05 23:15 - 2013-02-07 09:41 - 00000000 ____D () C:\Users\nate\Documents\College
2014-07-05 23:15 - 2012-11-28 21:57 - 00000000 ____D () C:\Program Files (x86)\CBR Reader
2014-07-05 23:15 - 2012-10-03 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-05 23:15 - 2012-09-24 23:29 - 00000000 ___RD () C:\Users\nate\Google Drive
2014-07-05 23:15 - 2012-05-20 20:38 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-07-05 23:15 - 2012-05-11 18:00 - 00000000 ____D () C:\Program Files (x86)\Starcraft
2014-07-05 23:15 - 2011-11-21 18:19 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-07-05 23:15 - 2011-10-12 00:03 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-05 23:15 - 2011-10-12 00:03 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-05 23:15 - 2011-08-20 00:38 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-05 23:15 - 2011-08-17 09:58 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-05 23:15 - 2011-08-17 09:58 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-07-05 23:15 - 2011-08-10 12:57 - 00000000 ____D () C:\Program Files\PC-Doctor
2014-07-05 23:15 - 2011-08-10 12:42 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-07-05 23:15 - 2011-08-10 12:40 - 00000000 ____D () C:\Program Files (x86)\Integrated Camera Driver
2014-07-05 23:14 - 2010-11-21 00:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-05 23:13 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-07-05 23:10 - 2013-02-07 09:42 - 00000000 ____D () C:\Users\nate\Documents\Games
2014-07-05 23:10 - 2012-01-20 14:27 - 00000000 ____D () C:\Users\nate\Documents\FCS
2014-07-05 23:07 - 2012-01-12 20:56 - 00000000 __RHD () C:\MSOCache
2014-07-05 23:04 - 2011-08-10 12:57 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-05 22:56 - 2011-08-17 01:15 - 00004228 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-05 22:37 - 2011-08-17 01:14 - 00000000 ____D () C:\Users\nate
2014-07-04 08:50 - 2014-07-04 08:50 - 00017799 _____ () C:\Users\nate\Desktop\Hello love.jpeg
2014-06-30 06:23 - 2014-06-22 13:14 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Eselqu
2014-06-29 19:09 - 2014-07-10 03:55 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 19:04 - 2014-07-10 03:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-21 17:13 - 2014-06-21 17:12 - 09271339 _____ () C:\Users\nate\Downloads\The Chair Skit 2.m4a
2014-06-21 09:55 - 2014-06-21 09:51 - 00043368 _____ () C:\Users\nate\Downloads\Addition.txt
2014-06-21 09:55 - 2014-06-21 09:50 - 00066374 _____ () C:\Users\nate\Downloads\FRST.txt
2014-06-21 04:48 - 2014-06-08 21:11 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-20 16:39 - 2014-06-20 16:39 - 03238523 _____ () C:\Users\nate\Downloads\Chinese Training Materials (2).pptx
2014-06-20 13:14 - 2014-07-10 09:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 12:39 - 2014-07-10 09:14 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 23:49 - 2014-06-19 23:49 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-06-18 18:39 - 2014-07-10 09:13 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 18:06 - 2014-07-10 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 18:06 - 2014-07-10 09:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 17:48 - 2014-07-10 09:14 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 17:42 - 2014-07-10 09:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 17:42 - 2014-07-10 09:13 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 17:41 - 2014-07-10 09:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 17:41 - 2014-07-10 09:13 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 17:32 - 2014-07-10 09:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 17:31 - 2014-07-10 09:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 17:26 - 2014-07-10 09:14 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 17:24 - 2014-07-10 09:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 17:24 - 2014-07-10 09:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 17:23 - 2014-07-10 09:13 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 17:16 - 2014-07-10 09:14 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 17:14 - 2014-07-10 09:13 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 17:09 - 2014-07-10 09:14 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 16:59 - 2014-07-10 09:14 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 16:56 - 2014-07-10 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 16:53 - 2014-07-10 09:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 16:51 - 2014-07-10 09:13 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 16:50 - 2014-07-10 09:14 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 16:48 - 2014-07-10 09:14 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 16:39 - 2014-07-10 09:14 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 16:38 - 2014-07-10 09:14 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 16:37 - 2014-07-10 09:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 16:36 - 2014-07-10 09:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 16:35 - 2014-07-10 09:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 16:33 - 2014-07-10 09:14 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 16:32 - 2014-07-10 09:14 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 16:28 - 2014-07-10 09:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 16:28 - 2014-07-10 09:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 16:27 - 2014-07-10 09:14 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 16:27 - 2014-07-10 09:14 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 16:25 - 2014-07-10 09:14 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 16:23 - 2014-07-10 09:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 16:22 - 2014-07-10 09:14 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 16:12 - 2014-07-10 09:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 16:06 - 2014-07-10 09:14 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 16:01 - 2014-07-10 09:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 15:59 - 2014-07-10 09:14 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 15:58 - 2014-07-10 09:14 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 15:58 - 2014-07-10 09:13 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 15:52 - 2014-07-10 09:14 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 15:51 - 2014-07-10 09:14 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 15:49 - 2014-07-10 09:14 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 15:46 - 2014-07-10 09:14 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 15:45 - 2014-07-10 09:14 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 15:35 - 2014-07-10 09:14 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 15:34 - 2014-07-10 09:14 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 15:15 - 2014-07-10 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 15:13 - 2014-07-10 09:14 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 15:09 - 2014-07-10 09:14 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 15:07 - 2014-07-10 09:14 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 12:31 - 2012-09-24 22:38 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 12:31 - 2012-09-24 22:38 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 19:18 - 2014-07-10 03:53 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 18:51 - 2014-07-10 03:53 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 18:10 - 2014-07-10 03:53 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 07:30 - 2014-06-17 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-17 07:30 - 2014-06-17 07:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-17 07:30 - 2014-03-18 22:09 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Malwarebytes
2014-06-17 07:30 - 2014-03-18 22:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-17 07:30 - 2014-03-18 22:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-17 01:39 - 2014-06-13 16:54 - 00000000 ____D () C:\Users\nate\AppData\Roaming\Sauvzyeb
2014-06-17 01:39 - 2011-08-28 22:32 - 00000000 ____D () C:\Windows\hpoj4500g510g-m
 
Some content of TEMP:
====================
C:\Users\nate\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxw9iin.dll
C:\Users\nate\AppData\Local\Temp\ntdll_dump.dll
C:\Users\nate\AppData\Local\Temp\Quarantine.exe
C:\Users\nate\AppData\Local\Temp\SE8295.tmp.dll
C:\Users\nate\AppData\Local\Temp\SE97B6.tmp.dll
C:\Users\nate\AppData\Local\Temp\SECAB6.tmp.dll
C:\Users\nate\AppData\Local\Temp\SEDED3.tmp.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-10 10:29
 
==================== End Of Log ============================

  • Root Admin

We'll be here and we probably won't close your topic that soon. If it does get closed, just send me a private message and we'll reopen it; no one is going to abandon you.

 

 

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double-click TFC.exe to run it on XP (on Vista and Windows 7, right-click and choose "Run as administrator"). Once it opens, click the Start button at the lower left of the program to begin cleaning.
  • Please be patient, as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer; please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for cleaning temporary files.


 
 

Please open Malwarebytes Anti-Malware and, from the Dashboard, check for updates by clicking the Update Now... link.
Open Malwarebytes > Settings > Detection and Protection and enable Scan for rootkits. Under Non Malware Protection, set both PUP and PUM to Treat detections as malware.
Click the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed, click History > Application Logs, find your scan log and open it, then click the "copy to clipboard" button and post the results in your next reply.
 


I'm not sure exactly what it is, but on reboot, a brief thing flashed on the screen, not slow enough for me to read... and I had to press down and enter really fast. Then it attempted to repair files. At the end, it said, nothing got repaired because I didn't insert a disk or something, but everything went back to normal.


  • Root Admin

Okay, so how is the computer running now?

Are there still any signs of an infection?

 

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


 Results of screen317's Security Check version 0.99.86  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

McAfee Anti-Virus and Anti-Spyware   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 Java 7 Update 55  

 Java version out of Date! 

 Adobe Flash Player 14.0.0.145  

 Adobe Reader XI  

 Mozilla Firefox 29.0.1 Firefox out of Date!  

 Google Chrome 35.0.1916.153  

 Google Chrome 36.0.1985.125  

````````Process Check: objlist.exe by Laurent````````  

 Spybot Teatimer.exe is disabled! 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double-click TFC.exe to run it on XP (on Vista and Windows 7, right-click and choose "Run as administrator"). Once it opens, click the Start button at the lower left of the program to begin cleaning.
  • Please be patient, as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer; please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for cleaning temporary files.

 

Then restart the computer and do the following.

 

 

Please visit the following links on how to use the SFC tool to check and repair invalid Windows system files.

Using System File Checker (SFC) To Fix Issues
http://blogs.technet.com/askcore/archive/2007/12/18/using-system-file-checker-sfc-to-fix-issues.aspx

How to Repair Windows 7 System Files with System File Checker
 


Everything is working alright except that I can't run sfc /scannow in cmd because it says the repair service won't start. I think I need to locate my Windows 7 disk and use it to repair things. For now, here's the text from the Java removal:

 

JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Mon Jul 21 01:33:07 2014
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\JavaSoft
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\MozillaPlugins
 
------------------------------------
 
Finished reporting.
 
 
 
JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Mon Jul 21 01:33:21 2014
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
------------------------------------
 
Finished reporting.
 
 
 
JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Mon Jul 21 01:33:32 2014
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
------------------------------------
 
Finished reporting.
 
 
 
JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Mon Jul 21 01:33:44 2014
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: SOFTWARE\MozillaPlugins
 
------------------------------------
 
Finished reporting.
 
 
 
JavaRa 1.16 Removal Log.
 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Sat Jul 26 02:11:18 2014
 
Found and removed: C:\Program Files (x86)\Java\jre6
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: Applications\java.exe
 
Found and removed: Applications\javaw.exe
 
Found and removed: Software\JavaSoft\Java Update
 
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
 
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
 
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
 
Found and removed: SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\Installer\Features\F60730A4A66673047777F5728467D401
 
Found and removed: SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401
 
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\6C5ADB75C34456D42B338232391207FF
 
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\A5CCAAC40F5B69B47777ACF82566467C
 
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file
 
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
 
Found and removed: SOFTWARE\Classes\.jar
 
Found and removed: SOFTWARE\Classes\.jnlp
 
Found and removed: SOFTWARE\Classes\jarfile
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
 
Found and removed: SOFTWARE\Classes\JNLPFile
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
 
Found and removed: SOFTWARE\JavaSoft
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\MozillaPlugins
 
------------------------------------
 
Finished reporting.

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.



  • Root Admin

Okay, some bad stuff was removed and an infected file was replaced. Let me have you run through these routines again as some of the infections and removals from the other programs may have been blocked.

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


NOTES: After Adwcleaner ran and my computer rebooted, AVG deleted some virus.

 

While running Mbam, AVG, the newly installed antivirus software, detected and removed a number of viruses and trojans.

Including: four variants of the crypt_s trojan horse, BAT/miner virus, coin.miner trojan horse, and a dropper.generic trojan horse.

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by nate on Tue 07/29/2014 at  6:49:07.83

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 07/29/2014 at  6:56:08.53

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

# AdwCleaner v3.301 - Report created 29/07/2014 at 07:01:09

# Updated 28/07/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : nate - NATHANS

# Running from : C:\Users\nate\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17207

 

 

-\\ Mozilla Firefox v29.0.1 (en-US)

 

[ File : C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

 

*************************

 

AdwCleaner[R0].txt - [31507 octets] - [18/03/2014 20:51:46]

AdwCleaner[R1].txt - [1113 octets] - [14/04/2014 17:36:10]

AdwCleaner[R2].txt - [1203 octets] - [08/05/2014 12:16:43]

AdwCleaner[R3].txt - [1251 octets] - [22/05/2014 12:44:27]

AdwCleaner[R4].txt - [1419 octets] - [01/06/2014 01:01:15]

AdwCleaner[R5].txt - [1492 octets] - [02/06/2014 19:21:26]

AdwCleaner[R6].txt - [1544 octets] - [16/07/2014 13:32:09]

AdwCleaner[R7].txt - [1701 octets] - [29/07/2014 06:58:29]

AdwCleaner[s0].txt - [32193 octets] - [18/03/2014 20:56:56]

AdwCleaner[s1].txt - [1177 octets] - [14/04/2014 17:38:53]

AdwCleaner[s2].txt - [1267 octets] - [08/05/2014 12:27:40]

AdwCleaner[s3].txt - [1313 octets] - [22/05/2014 16:34:00]

AdwCleaner[s4].txt - [1632 octets] - [01/06/2014 01:08:50]

AdwCleaner[s5].txt - [1605 octets] - [16/07/2014 13:39:15]

AdwCleaner[s6].txt - [1768 octets] - [29/07/2014 07:01:09]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s6].txt - [1828 octets] ##########

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/29/2014

Scan Time: 7:10:13 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.07.29.03

Rootkit Database: v2014.07.17.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: nate

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 337367

Time Elapsed: 20 min, 44 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application

C:\AdwCleaner\Quarantine\C\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default\Extensions\plugin@yontoo.com.xpi.vir Win32/Adware.Yontoo application

C:\AdwCleaner\Quarantine\C\Users\nate\AppData\Roaming\Search Protection\SearchProtection.exe.vir a variant of Win32/Toolbar.Widgi.G potentially unwanted application

C:\AdwCleaner\Quarantine\C\Users\nate\AppData\Roaming\Search Protection\Uninstall.exe.vir a variant of Win32/Toolbar.Widgi.G potentially unwanted application

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM124.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM127.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM42.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM44.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO10.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\WebCakeBHO4.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip Win32/Bagle.gen.zip worm

C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage28.zip Win32/Bagle.gen.zip worm

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll.vir a variant of Win64/Sathurbot.B trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll.vir a variant of Win64/Sathurbot.A trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp1952.exe.vir Win64/Simda.A trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp1EA9.exe.vir a variant of Win32/Injector.BIFG trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp26AF.exe.vir a variant of Win32/TrojanDropper.Agent.QMS trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp351B.exe.vir Win32/TrojanDownloader.Agent.AGV trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp50BE.exe.vir a variant of Win32/Kryptik.CCOZ trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp5BC4.exe.vir Win32/VB.RNV trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp6BB2.exe.vir Win32/Simda.B trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp872B.exe.vir a variant of Win32/Injector.BEOU trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp8DB4.exe.vir Win32/Boaxxe.BQ trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp91B9.exe.vir a variant of Win32/Injector.BHHD trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmp9F20.exe.vir Win32/Boaxxe.BB trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmpA64B.exe.vir Win32/TrojanDownloader.Agent.AGV trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmpA9C5.exe.vir a variant of Win32/Injector.BEJL trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmpBDBF.exe.vir Win32/Boaxxe.BR trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmpDB16.exe.vir Win32/Boaxxe.BR trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmpE377.exe.vir Win32/Simda.B trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmpE948.exe.vir a variant of Win32/Injector.BEXV trojan

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Crypto\RSA64\temp\tmpEA7E.exe.vir Win32/Boaxxe.BQ trojan

C:\Qoobox\Quarantine\C\Users\nate\AppData\Roaming\winter.exe.vir Win32/VB.RNV trojan

C:\Qoobox\Quarantine\C\Users\nate\AppData\Roaming\wintt.exe.vir Win32/VB.RNV trojan

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM124.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM127.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM42.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM44.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO10.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\WebCakeBHO4.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip Win32/Bagle.gen.zip worm

C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage28.zip Win32/Bagle.gen.zip worm

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014

Ran by nate (administrator) on NATHANS on 29-07-2014 10:51:23

Running from C:\Users\nate\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

(Lenovo) C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Dropbox, Inc.) C:\Users\nate\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Spotify Ltd) C:\Users\nate\AppData\Roaming\Spotify\spotify.exe

() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

() C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

(Google Inc.) C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [TpShocks] => TpShocks.exe 

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)

HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)

HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2907448 2012-07-05] (Synaptics Incorporated)

HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)

HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4309184 2011-02-09] (Lenovo, Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)

HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [spotify Web Helper] => C:\Users\nate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-29] (Spotify Ltd)

HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [968830F47F5DCD5F4AABA40836FED0EF18F9C861._service_run] => C:\Users\nate\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)

HKU\S-1-5-21-1022412237-4134323410-1441852971-1000\...\Run: [spotify] => C:\Users\nate\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-29] (Spotify Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\nate\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll No File

ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)

ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nate\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DefaultScope {9C0639F2-C2ED-4814-9CB3-C69D0260197C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}


SearchScopes: HKCU - {9C0639F2-C2ED-4814-9CB3-C69D0260197C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}

SearchScopes: HKCU - {BA709092-8FBD-4A89-9097-24CAEFAA681B} URL = 

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{3DC09B79-918A-42B2-B483-BA54A14AF754}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{51FEEEDE-6494-4CCD-B694-EF71E60C070E}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{E48734B3-E360-4981-A7A9-8AEA12DB3038}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

 

FireFox:

========

FF ProfilePath: C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default

FF DefaultSearchEngine: search

FF SearchEngineOrder.3: Bing 

FF Keyword.URL: hxxp://www.bing.com/search?FORM=U164HD&PC=U164H&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\nate\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\nate\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\nate\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\nate\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\nate\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\nate\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Users\nate\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\nate\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF SearchPlugin: C:\Users\nate\AppData\Roaming\Mozilla\Firefox\Profiles\ggzx4tok.default\searchplugins\yahoo_ff.xml

FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client

FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-08-10]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-28]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-09-06]

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

Chrome: 

=======

CHR HomePage: 

CHR Extension: (Google Drive) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-12]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]

CHR Extension: (YouTube) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-08]

CHR Extension: (Adblock Plus) - C:\Users\nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibd